[Security Vulnerability Alert] Citrix NetScaler ADC and NetScaler Gateway contain two critical security vulnerabilities (CVE-2025-7775 and CVE-2025-7776)

Issuing unit: Digital Services Section, Office of Library and Information Services
Date range: 2025/8/28 ~ 2026/2/28
Category: Administrative announcement
Audience: All

Forwarded from TWCERT/CC (Taiwan Computer Emergency Response Team / Coordination Center), bulletin TWCERTCC-200-202508-00000017

[Description]
Citrix NetScaler ADC (formerly Citrix ADC) is a network appliance designed to optimize, secure and manage enterprise applications and cloud services; NetScaler Gateway (formerly Citrix Gateway) provides a secure remote-access solution that lets users reach applications and data securely from any location.

Citrix has published an advisory for two critical vulnerabilities (CVE-2025-7775, CVSS 4.x: 9.2, and CVE-2025-7776, CVSS 4.x: 8.8). CVE-2025-7775 is a memory overflow vulnerability leading to remote code execution or denial of service; CVE-2025-7776 is a memory overflow vulnerability leading to unpredictable or erroneous behaviour and denial of service. In addition, exploitation of CVE-2025-7775 has already been observed, so temporary mitigations should be applied as soon as possible to prevent attacks against this vulnerability.

Note: the affected NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are End of Life (EoL) products; Citrix recommends upgrading to a supported version.

[Affected Platforms]
● NetScaler ADC and NetScaler Gateway versions before 14.1-47.48 (exclusive)
● NetScaler ADC and NetScaler Gateway versions before 13.1-59.22 (exclusive)
● NetScaler ADC 13.1-FIPS and NDcPP versions before 13.1-37.241-FIPS and NDcPP (exclusive)
● NetScaler ADC 12.1-FIPS and NDcPP versions before 12.1-55.330-FIPS and NDcPP (exclusive)

[Recommended Action]
Update to one of the following versions:
● NetScaler ADC and NetScaler Gateway 14.1-47.48 (inclusive) and later
● NetScaler ADC and NetScaler Gateway 13.1-59.22 (inclusive) and later
● NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.241-FIPS and NDcPP (inclusive) and later
● NetScaler ADC 12.1-FIPS and NDcPP 12.1-55.330-FIPS and NDcPP (inclusive) and later

[Reference]
https://www.twcert.org.tw/tw/cp-169-10345-94c2a-1.html
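As an added example (not part of the TWCERT/CC bulletin and not Citrix's own tooling), the following Python helper turns the version lists above into an inventory check: it parses a NetScaler build string, selects the branch, and reports whether the build is at or above the first fixed build, below it, or on a branch the note calls End of Life. The version-string shape it accepts (e.g. "14.1-47.48", "13.1-37.241-FIPS", optionally with "-NDcPP") is an assumption inferred from the advisory's own notation, and the sample inventory is constructed for the example.

```python
"""Inventory triage for the NetScaler versions named in this advisory.

Added example, not code from Citrix or TWCERT/CC. The version-string shape
("<branch>-<build>.<sub>" with an optional "-FIPS" / "-NDcPP" suffix) is an
assumption inferred from how the advisory writes its versions.
"""
import re
from typing import Dict, List, Tuple

# First fixed build per branch, keyed by (branch, hardened), where hardened
# means a FIPS or NDcPP build. Values come from the [Recommended Action] list.
FIXED: Dict[Tuple[str, bool], Tuple[int, int]] = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Branches the note calls End of Life (non-FIPS 12.1 and 13.0): no fixed build
# exists there, so the only remediation is moving to a supported branch.
EOL = {("12.1", False), ("13.0", False)}

_VERSION_RE = re.compile(
    r"^(?P<branch>\d+\.\d+)-(?P<build>\d+)\.(?P<sub>\d+)"
    r"(?P<suffix>(?:-(?:FIPS|NDcPP))*)$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[str, Tuple[int, int], bool]:
    """Split '13.1-37.241-FIPS' into ('13.1', (37, 241), True)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    hardened = bool(m.group("suffix"))
    return m.group("branch"), (int(m.group("build")), int(m.group("sub"))), hardened


def assess(text: str) -> str:
    """Return 'patched', 'vulnerable', 'eol' or 'unknown' for one version string."""
    branch, build, hardened = parse_version(text)
    key = (branch, hardened)
    if key in EOL:
        return "eol"
    if key not in FIXED:
        return "unknown"  # branch not covered by this advisory
    # Tuple comparison orders (build, sub) numerically, so 43.56 < 47.48 even
    # though a plain string comparison would get "43.56" vs "47.48" cases wrong.
    return "patched" if build >= FIXED[key] else "vulnerable"


def triage(inventory: str) -> List[Tuple[str, str, str]]:
    """Classify 'hostname,version' lines; blank lines and '#' comments are skipped."""
    rows = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = (part.strip() for part in line.partition(","))
        try:
            status = assess(version)
        except ValueError:
            status = "unparseable"  # missing or malformed version field
        rows.append((host, version, status))
    return rows


# Constructed sample inventory; hostnames and versions are made up for the example.
SAMPLE_INVENTORY = """\
# host,version
gw-hq-1,14.1-47.48
gw-hq-2,14.1-43.56
adc-dc-1,13.1-59.19
adc-fips-1,13.1-37.241-FIPS
adc-fips-2,13.1-37.235-FIPS-NDcPP
adc-legacy-1,12.1-65.39
adc-legacy-2,13.0-92.21
adc-odd,build-unknown
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {version:24} {status}")
```

Anything reported as "vulnerable" or "eol" needs the upgrade above; "unknown" means a branch this bulletin does not cover and should be checked against Citrix's own advisory rather than assumed safe.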

