Helient Blog

Critical and Very High Security Vulnerabilities Announced for Citrix NetScaler

Written by Richard Charlton | Aug 26, 2025 3:04:50 PM

Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities allow for remote code execution, denial of service and improper access control.

Exploits of CVE-2025-7775 on unmitigated appliances have been observed.

All customer-managed devices, including those used for Secure Private Access or Secure Private Access Hybrid deployments, are vulnerable if they are running any of the following firmware versions:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP

NB: Firmware versions 12.1 and 13.0 are now End of Life and no longer supported.


Details

The following CVEs are included in this announcement:

  • CVE-2025-7775 - Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service
    • CVSS v4.0 Base Score: 9.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)
  • CVE-2025-7776 - Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service
    • CVSS v4.0 Base Score: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L)
  • CVE-2025-8424 - Improper access control on the NetScaler Management Interface
    • CVSS v4.0 Base Score: 8.7 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)


Full details of the vulnerabilities can be found at https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424


What To Do

All customers should upgrade to an updated firmware version as soon as possible, since exploits of CVE-2025-7775 have been observed on unmitigated appliances.

The following firmware versions contain the mitigation:

  • NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
  • NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
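As an added example (not Helient's or Citrix's code), the following Python check parses version strings in the bulletin's `14.1-47.48` form and reports whether an appliance is below the fixed build listed above. The branch table, the `assess`/`triage` function names and the sample inventory are assumptions constructed for this example.

```python
import re

# First fixed build per branch, taken from the bulletin above.
# Key is (branch, is_fips_or_ndcpp); the table layout is an assumption of this example.
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
# Branches the bulletin marks as End of Life (no fix will be published).
END_OF_LIFE = {"12.1", "13.0"}

# Matches e.g. "14.1-47.48", "13.1-37.241-FIPS", "12.1-55.330-NDcPP".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable', 'end-of-life' or 'unknown' for one version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    branch, major, minor, variant = m.groups()
    key = (branch, variant is not None)
    if key not in FIXED_BUILDS:
        return "end-of-life" if branch in END_OF_LIFE else "unknown"
    # Tuple comparison orders by build number, then by point release.
    return "patched" if (int(major), int(minor)) >= FIXED_BUILDS[key] else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group appliance names by assessment so the ones needing action stand out."""
    out: dict[str, list[str]] = {}
    for host, ver in inventory.items():
        out.setdefault(assess(ver), []).append(host)
    return out


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "ns-gw-01": "14.1-47.46",
    "ns-gw-02": "14.1-47.48",
    "ns-adc-fips": "13.1-37.240-FIPS",
    "ns-legacy": "13.0-92.21",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Feed it the version string reported by each appliance rather than the sample dictionary; a non-FIPS 12.1 or any 13.0 build is reported as end-of-life because no fixed build exists for it.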


Next Steps

Customers are strongly encouraged to perform the required updates as soon as possible. Please reach out if you would like Helient Technologies’ highly experienced engineers to assist with the planning or deployment of these fixes. Email us at service@helient.com.