Citrix ADC is an application delivery controller that analyzes application-specific traffic to distribute, optimize, and secure Layer 4-Layer 7 (L4–L7) network traffic intelligently for web applications.

Citrix ADC VPX

Citrix ADC CPX is a container-based application delivery controller that can be provisioned on a Docker host. Citrix ADC CPX enables customers to leverage Docker engine capabilities and use Citrix ADC load balancing and traffic management features for container-based applications.

Citrix ADC CPX

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service

CVE-2025-7775

Linux

Linux Kernel

Docker Desktop is an application for MacOS and Windows machines, aimed at developers and system administrators. It enables them to build and share containerized applications and microservices. Docker Desktop includes Docker Engine, Docker CLI, Docker Compose, and is fully integrated with the machine’s filesystem and networking.

Docker Desktop

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.



CVE-2025-9074

Windows

Windows Cumulative Update

FortiSIEM is a comprehensive, multi-vendor security information and event management (SIEM) solution designed to provide visibility, correlation, automated response, and remediation in a single, scalable solution.

FortiSIEM

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.

CVE-2025-25256

VulnCheck NVD++

NVIDIA Triton Inference Server, part of the NVIDIA AI platform and available with NVIDIA AI Enterprise, is open-source software that standardizes AI model deployment and execution across every workload.

Triton Inference Server

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.

CVE-2025-23334

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.

CVE-2025-23320

Improper access control on the NetScaler Management Interface

CVE-2025-8424

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

CVE-2025-7776

Python is a high-level, general-purpose programming language. Its key feature is the high readability of the code. It supports multiple programming paradigms, including Object-Oriented Programming (OOP) and Functional Programming.

Python

mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to `http://` backends. It does not affect mitmproxy's regular mode.
All users are encouraged to upgrade to mitmproxy 12.1.2, which includes a fixed version of h2.
More details about the vulnerability itself can be found at https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h.

GHSA-63cx-g855-hvv4

GitHub Advisory Database

C# is a general-purpose, multi-paradigm programming language encompassing strong typing, lexically scoped, imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines.

### Summary
While Processing a crafted TIFF file, imagemagick crashes.
### Details
Following is the imagemagick version:
```
imagemagick_git/build_26jun23/bin/magick --version
Version: ImageMagick 7.1.1-13 (Beta) Q16-HDRI x86_64 56f478940:20230625 https://imagemagick.org
Copyright: (C) 1999 ImageMagick Studio LLC
License: https://imagemagick.org/script/license.php
Features: Cipher DPC HDRI 
Delegates (built-in): fontconfig freetype jbig jng jpeg lcms lzma pangocairo png tiff webp x xml zlib
Compiler: gcc (4.2)
```
### PoC
issue can be replicated with following command with provided POC file(sent over email):
```bash
magick poc.tiff /dev/null
```
### Impact
This can lead to application crash.
### Credits
Please give credits to Hardik shah of Vehere (Dawn Treaders team)

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-7775	CRITICAL	9.2	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	No	Yes	Aug 26, 2025
CVE-2025-9074	CRITICAL	9.3	Docker Desktop	cpe:2.3:a:docker:desktop	No	Yes	Aug 20, 2025
CVE-2025-25256	CRITICAL	9.8	FortiSIEM	cpe:2.3:a:fortinet:fortisiem	No	Yes	Aug 12, 2025
CVE-2025-23334	HIGH	7.5	Triton Inference Server	cpe:2.3:a:nvidia:triton_inference_server	No	Yes	Aug 06, 2025
CVE-2025-23320	HIGH	7.5	Triton Inference Server	cpe:2.3:a:nvidia:triton_inference_server	No	Yes	Aug 06, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-8424	HIGH	8.7	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	No	Yes	Aug 26, 2025
CVE-2025-7776	HIGH	8.8	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	No	Yes	Aug 26, 2025
CVE-2025-7775	CRITICAL	9.2	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	No	Yes	Aug 26, 2025
GHSA-63cx-g855-hvv4	MEDIUM	6.9	Python	mitmproxy	No	Yes	Aug 25, 2025
GHSA-fff3-4rp7-px97	LOW	1.1	C#	Magick.NET-Q16-x64	No	Yes	Aug 25, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?