Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products.
The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, present severe security risks including remote code execution and denial of service capabilities.
Active Exploitation Confirmed
The most severe vulnerability, CVE-2025-7775, carries a CVSS v4.0 score of 9.2 and has been confirmed as actively exploited in the wild.
| CVE ID | CVSS Score | Severity | Vulnerability Type | Exploitation Status |
|---|---|---|---|---|
| CVE-2025-7775 | 9.2 | Critical | Memory Overflow → RCE/DoS | Active Exploitation |
| CVE-2025-7776 | 8.8 | High | Memory Overflow → DoS | No Known Exploitation |
| CVE-2025-8424 | 8.7 | High | Improper Access Control | No Known Exploitation |
CVE-2025-7775 is a memory overflow flaw that enables attackers to achieve remote code execution on unpatched NetScaler appliances configured as Gateway services or specific load balancer configurations with IPv6 support.
The vulnerability affects NetScaler devices configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual servers, as well as load balancer virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services.
Exploitation requires no authentication and can be triggered remotely over the network.
CVE-2025-7776 is another memory overflow vulnerability, with a CVSS score of 8.8, affecting NetScaler Gateway configurations with PCoIP Profile bindings.
While this flaw leads to denial of service rather than code execution, it still poses significant operational risks.
The third vulnerability, CVE-2025-8424, is an improper access control flaw in the NetScaler Management Interface with a CVSS score of 8.7.
This flaw affects access through NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access enabled.
Affected Systems and Urgent Patching
The vulnerabilities impact multiple NetScaler product lines across several version branches:
| Product Version | Vulnerable Versions | Patched Versions |
|---|---|---|
| NetScaler ADC/Gateway 14.1 | Before 14.1-47.48 | 14.1-47.48 and later |
| NetScaler ADC/Gateway 13.1 | Before 13.1-59.22 | 13.1-59.22 and later |
| NetScaler ADC 13.1-FIPS/NDcPP | Before 13.1-37.241 | 13.1-37.241 and later |
| NetScaler ADC 12.1-FIPS/NDcPP | Before 12.1-55.330 | 12.1-55.330 and later |
Cloud Software Group strongly urges immediate patching, emphasizing that exploits targeting CVE-2025-7775 have been observed on unmitigated appliances.
The company notes that no workarounds or mitigating factors are available, making patching the only effective defense.
Organizations using Secure Private Access on-premises or hybrid deployments with NetScaler instances must also upgrade to address these vulnerabilities.
However, Citrix-managed cloud services and Adaptive Authentication services will receive automatic updates from Cloud Software Group.
The vulnerabilities were discovered through collaborative security research involving Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partner, and François Hämmerli.
Cloud Software Group acknowledged these researchers for their responsible disclosure and coordination in protecting customer environments.
The security bulletin, designated CTX694938, was published on August 26, 2025, with immediate availability of patched versions.
Organizations can verify their exposure by inspecting NetScaler configurations for specific virtual server types and IPv6 service bindings detailed in the technical advisory.
Given the active exploitation and critical nature of these vulnerabilities, cybersecurity teams should prioritize emergency patching schedules for all affected NetScaler deployments to prevent potential compromise.
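For triaging an appliance inventory against the patched builds in the table above, the following Python sketch is an added example, not code from Cloud Software Group or the bulletin. The banner format, the hostnames, the sample builds and the `fips` flag are assumptions made for illustration; the fixed builds are the ones listed in the table.

```python
import re

# First patched build per branch, from the table above: (release, FIPS/NDcPP?) -> build.
FIXED = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Accepts banner style "NS14.1: Build 47.48.nc" (assumed format) and bulletin style "14.1-47.48".
_VERSION = re.compile(r"(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)")


def assess(version_text, fips=False):
    """Return (status, detail); status is patched, vulnerable, not-listed or unparsed.

    The caller sets fips for FIPS/NDcPP appliances: the version text alone
    does not say which 13.1 threshold applies.
    """
    m = _VERSION.search(version_text)
    if not m:
        return "unparsed", "no release/build found"
    release = m.group(1)
    # Compare as integer pairs: a string compare would rank "47.9" above "47.48".
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((release, fips))
    if fixed is None:
        # Branches the table does not cover go to manual review, never to "patched".
        return "not-listed", f"{release} (fips={fips}) has no fixed build in the table"
    status = "patched" if build >= fixed else "vulnerable"
    return status, f"{release}-{build[0]}.{build[1]} vs fixed {release}-{fixed[0]}.{fixed[1]}"


# Constructed inventory: (hostname, version text, FIPS/NDcPP appliance?)
INVENTORY = [
    ("adc-edge-01", "NetScaler NS14.1: Build 47.48.nc", False),
    ("adc-edge-02", "NetScaler NS14.1: Build 47.9.nc", False),
    ("gw-branch-01", "13.1-59.19", False),
    ("adc-fips-01", "13.1-37.241", True),
    ("adc-legacy-01", "NetScaler NS13.0: Build 92.31.nc", False),
]


def triage(inventory):
    """Map each hostname to its status string."""
    return {host: assess(text, fips)[0] for host, text, fips in inventory}


if __name__ == "__main__":
    for host, text, fips in INVENTORY:
        print(host, *assess(text, fips))
```

A "patched" result covers only the build number; it says nothing about whether the appliance was compromised before the upgrade.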