CVE-2025-7775

CRITICAL KEV

Citrix NetScaler ADC and Gateway 12.1-13.1 - Remote Code Execution and Denial of Service via Memory Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-7775 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 26, 2025. EIP tracks 4 public exploits from researchers including swabird, rxerium, mr-r3b00t.

AI-analyzed exploit summary This repository contains a functional PoC for a hypothetical RCE vulnerability in Citrix NetScaler ADC/Gateway. The script sends a crafted POST request to a simulated vulnerable endpoint, attempting command injection and verifying execution by checking for a test file.

Description

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

Exploits (4)

nomisec WORKING POC 4 stars
by swabird · poc
https://github.com/swabird/CVE-2025-7775-PoC

This repository contains a functional PoC for a hypothetical RCE vulnerability in Citrix NetScaler ADC/Gateway. The script sends a crafted POST request to a simulated vulnerable endpoint, attempting command injection and verifying execution by checking for a test file.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Citrix NetScaler ADC/Gateway
No auth needed
Prerequisites: Isolated network · Licensed NetScaler VPX instance
devstral-2 · analyzed Feb 19, 2026 Full analysis →
nomisec SCANNER 2 stars
by rxerium · poc
https://github.com/rxerium/CVE-2025-7775

This repository provides a Nuclei template for detecting CVE-2025-7775 in Citrix NetScaler by checking the last modified date of a specific file. It does not contain exploit code but scans for vulnerable instances.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Citrix NetScaler ADC and NetScaler Gateway
No auth needed
Prerequisites: Access to the target NetScaler instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER 1 stars
by mr-r3b00t · poc
https://github.com/mr-r3b00t/CVE-2025-7775

This repository contains a PowerShell script designed to detect Citrix NetScaler instances by checking HTTP headers for version information and timestamps, specifically targeting CVE-2025-7775. It does not exploit the vulnerability but scans for potentially vulnerable systems.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Citrix NetScaler (Citrix ADC)
No auth needed
Prerequisites: List of target IPs in a file named 'targets.txt'
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Aaqilyousuf · poc
https://github.com/Aaqilyousuf/CVE-2025-7775-vulnerable-lab

This repository contains a functional vulnerable lab environment for CVE-2025-7775, demonstrating multiple vulnerabilities including RCE, path traversal, hardcoded credentials, insecure file upload, and SQL injection. The Flask application intentionally includes insecure code to simulate these vulnerabilities for testing purposes.

Classification
Working Poc 100%
Attack Type
Rce | Info Leak | Auth Bypass | Other
Complexity
Trivial
Reliability
Reliable
Target: Mock Vulnerable Citrix App (simulated)
No auth needed
Prerequisites: Docker environment · Network access to the vulnerable application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0779
EPSS Percentile 92.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-08-26
VulnCheck KEV 2025-08-26
ENISA EUVD EUVD-2025-25838
CWE
CWE-119
Status published
Products (3)
citrix/netscaler_application_delivery_controller 12.1 - 12.1-55.330 (2 CPE variants)
citrix/netscaler_application_delivery_controller 13.1 - 13.1-59.22
citrix/netscaler_gateway 13.1 - 13.1-59.22
Published Aug 26, 2025
KEV Added Aug 26, 2025
Tracked Since Feb 18, 2026