Vulnerability DatabaseCVE-2025-7775

CVE-2025-7775:
Citrix ADC VPX vulnerability analysis and mitigation

Overview

On August 26, 2025, a critical memory overflow vulnerability (CVE-2025-7775) was discovered in Citrix NetScaler ADC and NetScaler Gateway. The vulnerability affects NetScaler appliances configured as Gateway or AAA virtual servers, certain Load Balancing (LB) virtual servers bound to IPv6 or DBS IPv6 services, and CR virtual servers of type HDX. The vulnerability has received a CVSS v4.0 score of 9.2 (Critical) and CVSS v3.1 score of 9.8 (Critical) (NVD, Arctic Wolf).

Technical details

CVE-2025-7775 is a memory overflow vulnerability (CWE-119) that could lead to Remote Code Execution (RCE) and/or Denial of Service (DoS) when exploited. The vulnerability specifically affects systems when NetScaler is configured in specific ways, including Gateway configurations (VPN virtual server, ICA Proxy, CVPN, RDP Proxy), AAA virtual servers, or LB virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services (Hacker News).

Impact

The vulnerability can result in Remote Code Execution and/or Denial of Service in affected systems. Public reports indicate that exploitation has led to dropped web shells on unpatched appliances. Given Citrix NetScaler's historical targeting by threat actors and the critical nature of this vulnerability, widespread exploitation is likely (Arctic Wolf).

Mitigation and workarounds

Citrix has released fixes for affected versions and strongly recommends upgrading to the following versions: NetScaler ADC and Gateway 14.1-47.48 and later releases, 13.1-59.22 and later releases of 13.1, NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases, and NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases. No workarounds are available for this vulnerability (Citrix Advisory).

Community reactions

CISA has mandated Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability by August 28, 2025, within 48 hours of its addition to the KEV catalog. The cybersecurity community has noted this as particularly concerning given Citrix NetScaler's history as an attractive target for threat actors (CISA).

Additional resources

Source: This report was generated using AI

Related Citrix ADC VPX vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-5777	CRITICAL	9.3	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	Yes	Yes	Jun 17, 2025
CVE-2025-7775	CRITICAL	9.2	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	Yes	Yes	Aug 26, 2025
CVE-2025-6543	CRITICAL	9.2	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	Yes	Yes	Jun 25, 2025
CVE-2025-7776	HIGH	8.8	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	No	Yes	Aug 26, 2025
CVE-2025-8424	HIGH	8.7	Citrix ADC VPX	cpe:2.3:a:citrix:netscaler_application_delivery_controller	No	Yes	Aug 26, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-7775: Citrix ADC VPX vulnerability analysis and mitigation