Wiz
Database delle vulnerabilitàCVE-2025-7775

CVE-2025-7775
Citrix ADC VPX Analisi e mitigazione delle vulnerabilità

Panoramica

On August 26, 2025, a critical memory overflow vulnerability (CVE-2025-7775) was discovered in Citrix NetScaler ADC and NetScaler Gateway. The vulnerability affects NetScaler appliances configured as Gateway or AAA virtual servers, certain Load Balancing (LB) virtual servers bound to IPv6 or DBS IPv6 services, and CR virtual servers of type HDX. The vulnerability has received a CVSS v4.0 score of 9.2 (Critical) and CVSS v3.1 score of 9.8 (Critical) (NVD, Arctic Wolf).

Dettagli tecnici

CVE-2025-7775 is a memory overflow vulnerability (CWE-119) that could lead to Remote Code Execution (RCE) and/or Denial of Service (DoS) when exploited. The vulnerability specifically affects systems when NetScaler is configured in specific ways, including Gateway configurations (VPN virtual server, ICA Proxy, CVPN, RDP Proxy), AAA virtual servers, or LB virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services (Hacker News).

Impatto

The vulnerability can result in Remote Code Execution and/or Denial of Service in affected systems. Public reports indicate that exploitation has led to dropped web shells on unpatched appliances. Given Citrix NetScaler's historical targeting by threat actors and the critical nature of this vulnerability, widespread exploitation is likely (Arctic Wolf).

Mitigazione e soluzioni alternative

Citrix has released fixes for affected versions and strongly recommends upgrading to the following versions: NetScaler ADC and Gateway 14.1-47.48 and later releases, 13.1-59.22 and later releases of 13.1, NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases, and NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases. No workarounds are available for this vulnerability (Citrix Advisory).

Reazioni della comunità

CISA has mandated Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability by August 28, 2025, within 48 hours of its addition to the KEV catalog. The cybersecurity community has noted this as particularly concerning given Citrix NetScaler's history as an attractive target for threat actors (CISA).

Risorse aggiuntive

FonteQuesto report è stato generato utilizzando l'intelligenza artificiale

Imparentato Citrix ADC VPX Vulnerabilità:

CVE ID

Severità

Punteggio

Tecnologie

Nome del componente

Exploit CISA KEV

Ha la correzione

Data di pubblicazione

CVE-2025-5777CRITICAL9.3
  • Citrix ADC VPXCitrix ADC VPX
  • cpe:2.3:a:citrix:netscaler_application_delivery_controller
Jun 17, 2025
CVE-2025-7775CRITICAL9.2
  • Citrix ADC VPXCitrix ADC VPX
  • cpe:2.3:a:citrix:netscaler_application_delivery_controller
Aug 26, 2025
CVE-2025-6543CRITICAL9.2
  • Citrix ADC VPXCitrix ADC VPX
  • cpe:2.3:a:citrix:netscaler_application_delivery_controller
Jun 25, 2025
CVE-2025-7776HIGH8.8
  • Citrix ADC VPXCitrix ADC VPX
  • cpe:2.3:a:citrix:netscaler_application_delivery_controller
NoAug 26, 2025
CVE-2025-8424HIGH8.7
  • Citrix ADC VPXCitrix ADC VPX
  • cpe:2.3:a:citrix:netscaler_application_delivery_controller
NoAug 26, 2025

Valutazione gratuita delle vulnerabilità

Benchmark della tua posizione di sicurezza del cloud

Valuta le tue pratiche di sicurezza cloud in 9 domini di sicurezza per confrontare il tuo livello di rischio e identificare le lacune nelle tue difese.

Richiedi valutazione

Ulteriori risorse Wiz

PEACH

PEACH

Un framework di isolamento del tenant

Richiedi una demo personalizzata

Pronti a vedere Wiz in azione?

"La migliore esperienza utente che abbia mai visto offre piena visibilità ai carichi di lavoro cloud."
David EstlickCISO (CISO)
"Wiz fornisce un unico pannello di controllo per vedere cosa sta succedendo nei nostri ambienti cloud."
Adam FletcherResponsabile della sicurezza
"Sappiamo che se Wiz identifica qualcosa come critico, in realtà lo è."
Greg PoniatowskiResponsabile della gestione delle minacce e delle vulnerabilità
Richiedi una demo