NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)

Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks.


“Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” Citrix has confirmed, and released security updates that fix the flaws.

The vulnerabilities

The three fixed vulnerabilities are:

  • CVE-2025-7775: A memory overflow vulnerability leading to pre-auth remote code execution (RCE) and/or denial of service (DoS)
  • CVE-2025-7776: A memory overflow vulnerability leading to unpredictable or erroneous behavior and DoS
  • CVE-2025-8424: A vulnerability stemming from improper access control on the NetScaler management interface

All three vulnerabilities are exploitable, but only on devices that are configured to provide certain functions (for specifics, consult the advisory).

The vulnerabilities affect:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP

What to do?

Citrix says that Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities, and those have to be upgraded as well.

Fixed versions for the aforementioned branches have been provided. Users of NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0, which are no longer supported, are advised to upgrade to the latest available version in one of the still supported branches.

There are no workarounds or mitigating factors, the company noted.
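An added example (not from Citrix or this article) that sorts an appliance inventory against the fixed builds listed above. It assumes each version string follows the article's notation (`14.1-47.48`, with a `-FIPS` or `-NDcPP` suffix on those builds); the hostnames and sample builds are constructed.

```python
import re

# First fixed build per branch, as listed in the article: (release, is_fips) -> build.
FIXED = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
# Branches the article names as no longer supported.
EOL = {("12.1", False), ("13.0", False)}
# Assumed input format, modelled on the article's notation; a FIPS/NDcPP build
# must carry its suffix, since the build number alone cannot identify it.
_VERSION = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)

def triage(version: str) -> str:
    """Return 'fixed', 'vulnerable', 'unsupported' or 'unknown' for one build string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"
    release, major, minor, flavor = m.groups()
    key = (release, flavor is not None)
    if key in EOL:
        return "unsupported"
    if key not in FIXED:
        return "unknown"
    # Compare builds numerically: 59.9 is older than 59.22, unlike a string compare.
    return "fixed" if (int(major), int(minor)) >= FIXED[key] else "vulnerable"

def triage_inventory(inventory: dict) -> dict:
    """Group hostnames by triage result so the upgrade queue is easy to read."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(triage(version), []).append(host)
    return result

# Constructed sample inventory; hostnames and builds are made up for the example.
SAMPLE = {
    "adc-edge-01": "14.1-43.50",
    "adc-edge-02": "14.1-47.48",
    "gw-dmz-01": "13.1-59.9",
    "adc-fips-01": "13.1-37.241-FIPS",
    "gw-legacy-01": "13.0-92.21",
}

if __name__ == "__main__":
    print(triage_inventory(SAMPLE))
```

A "fixed" result only reflects the build number: it does not show whether the appliance had an exploitable configuration or was compromised before the update was applied.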

Security researcher Kevin Beaumont has stated that CVE-2025-7775 is being used by attackers to deliver webshells that will provide them with a backdoor into the targeted organizations.

“Orgs will need to do [incident response] afterwards as technical details emerge of [the] backdoor,” he noted.

Citrix/NetScaler has had a bad run with exploited NetScaler ADC and Gateway zero-days this year: both CVE-2025-6543 and CVE-2025-5777 (aka CitrixBleed 2) were exploited for months before getting patched.
