CVE-2025-7775

CRITICAL KEV

NetScaler ADC/Gateway - RCE/DoS

Title source: llm

Description

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

Exploits (4)

nomisec WORKING POC 4 stars
by swabird · poc
https://github.com/swabird/CVE-2025-7775-PoC
nomisec SCANNER 2 stars
by rxerium · poc
https://github.com/rxerium/CVE-2025-7775
nomisec SCANNER 1 stars
by mr-r3b00t · poc
https://github.com/mr-r3b00t/CVE-2025-7775
nomisec WORKING POC
by Aaqilyousuf · poc
https://github.com/Aaqilyousuf/CVE-2025-7775-vulnerable-lab

References (2)

Scores

CVSS v3 9.8
EPSS 0.0574
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2025-08-26
VulnCheck KEV 2025-08-26
ENISA EUVD EUVD-2025-25838

Classification

CWE
CWE-119
Status published

Affected Products (4)

citrix/netscaler_application_delivery_controller < 12.1-55.330
citrix/netscaler_application_delivery_controller < 12.1-55.330
citrix/netscaler_application_delivery_controller < 13.1-59.22
citrix/netscaler_gateway < 13.1-59.22

Timeline

Published Aug 26, 2025
KEV Added Aug 26, 2025
Tracked Since Feb 18, 2026