CVE-2025-7776

CRITICAL

NetScaler ADC & Gateway - Memory Corruption

Title source: llm

Description

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

References (1)

Core 1

Core References

Vendor Advisory

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Scores

CVSS v3 9.8

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-119

Status published

Products (3)

citrix/netscaler_application_delivery_controller 12.1 - 12.1-55.330 (2 CPE variants)

citrix/netscaler_application_delivery_controller 13.1 - 13.1-59.22

citrix/netscaler_gateway 13.1 - 13.1-59.22

Published Aug 26, 2025

Tracked Since Feb 18, 2026