URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack

The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler ADC and NetScaler Gateway appliances. The flaws, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, could enable denial of service, remote code execution, or unauthorized file access if left unpatched.

The most severe flaw, CVE-2025-7775 (CVSS 9.2), is a memory overflow vulnerability that can lead to denial of service and possibly remote code execution on NetScaler appliances. Exploitation requires specific preconditions such as NetScaler being configured as a Gateway, AAA virtual server, load balancer with IPv6 bindings, or cache redirection server with type HDX.

CSG warns that, “as of August 26, 2025 Cloud Software Group has reason to believe that this vulnerability has been exploited in the wild and strongly recommends customers to upgrade their NetScaler firmware… as there are no mitigations available.”

The second flaw, CVE-2025-7776 (CVSS 8.8), is also a memory overflow vulnerability, impacting NetScaler configurations where a Gateway (VPN vserver/ICA Proxy/CVPN/RDP Proxy) is bound with a PCoIP Profile. While CSG notes they have “not seen evidence of there being an exploit in the wild,” the bug could still cause unpredictable behavior or denial of service.

The third flaw, CVE-2025-8424 (CVSS 8.7), arises from improper access control on the NetScaler Management Interface. This could allow attackers to gain unauthorized file access if they have access to the NSIP, Cluster Management IP, GSLB Site IP, or SNIP with management rights.

While mitigations exist, the advisory cautions: “If access to NetScaler console isn’t gated by IDAM solutions or if local authentication is still being used, CSG strongly recommends customers to consider using IDAM solutions and disabling local authentication.”

The vulnerabilities impact:

  • NetScaler ADC and Gateway 14.1 before 14.1-47.48
  • NetScaler ADC and Gateway 13.1 before 13.1-59.22
  • NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241
  • NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330

Patched versions include:

  • 14.1-47.48 and later
  • 13.1-59.22 and later
  • 13.1-FIPS/NDcPP 13.1-37.241 and later
  • 12.1-FIPS/NDcPP 12.1-55.330 and later
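A defender's first question is which appliances are still below the fixed builds listed above. The script below is an added example, not code from the page or from Cloud Software Group: it encodes the fixed-build table from this article and compares a NetScaler version string against it. It assumes version strings either in the short `14.1-47.48` form used above or in the `NetScaler NS14.1: Build 47.48.nc` form printed by the appliance's `show ns version` command (that output format is an assumption; the sample strings are constructed). It only checks versions; it does not inspect the configuration preconditions (Gateway, AAA vserver, IPv6 load balancer, HDX cache redirection) described earlier.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Fixed builds as listed on this page, keyed by (release branch, FIPS/NDcPP?).
# Builds are stored as integer tuples so they compare numerically, not lexically.
FIXED_BUILDS = {
    ("14.1", False): (47, 48),    # 14.1-47.48
    ("13.1", False): (59, 22),    # 13.1-59.22
    ("13.1", True): (37, 241),    # 13.1-FIPS/NDcPP 13.1-37.241
    ("12.1", True): (55, 330),    # 12.1-FIPS/NDcPP 12.1-55.330
}

# Matches "14.1-47.48" and "NetScaler NS14.1: Build 47.48.nc" (assumed format).
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)[:\-]\s*(?:Build\s+)?(\d+)\.(\d+)")


class NetScalerVersion(NamedTuple):
    branch: str               # e.g. "14.1"
    build: Tuple[int, int]    # e.g. (47, 48)


def parse_version(text: str) -> Optional[NetScalerVersion]:
    """Extract branch and build from a version string; None if unrecognised."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return NetScalerVersion(m.group(1), (int(m.group(2)), int(m.group(3))))


def assess(text: str, fips_or_ndcpp: bool = False) -> str:
    """Return 'vulnerable', 'patched', or 'unknown' for one appliance.

    'unknown' means the branch/edition is not in the table on this page
    (for example a release the article does not list), so no claim is made.
    """
    v = parse_version(text)
    if v is None:
        return "unknown"
    fixed = FIXED_BUILDS.get((v.branch, fips_or_ndcpp))
    if fixed is None:
        return "unknown"
    # Same branch: any build numerically below the fixed build is affected.
    return "vulnerable" if v.build < fixed else "patched"


if __name__ == "__main__":
    # Constructed inventory: (hostname, version string, FIPS/NDcPP edition?)
    inventory = [
        ("gw-dc1", "NetScaler NS14.1: Build 47.30.nc, Date: Jan 1 2025", False),
        ("gw-dc2", "14.1-47.48", False),
        ("gw-fips", "NetScaler NS13.1: Build 37.241.nc", True),
        ("gw-legacy", "13.0-92.21", False),
    ]
    for host, version, fips in inventory:
        print(f"{host:10} {assess(version, fips):10} {version}")
```

Run it against an exported list of `show ns version` outputs; anything reported as `vulnerable` needs the upgrade, and anything `unknown` needs a manual look because its branch is not covered by the table on this page.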

Organizations should upgrade to the latest patched builds without delay, review secure deployment guides, and ensure management interfaces are not exposed to the internet.
