[Security Vulnerability Alert] Citrix's NetScaler ADC and NetScaler Gateway have two critical security vulnerabilities (CVE-2025-7775 and CVE-2025-7776)

 
2025/8/28 ~ 2026/2/28

Forwarded by Taiwan Computer Network Crisis Response and Coordination Center (TWCERTCC-200-202508-00000017)

[Content Description]
Citrix NetScaler ADC (formerly Citrix ADC) is a network appliance designed to optimize, protect, and manage enterprise applications and cloud services. NetScaler Gateway (formerly Citrix Gateway) provides secure remote access solutions, allowing users to securely access applications and data from any location.

Citrix has released advisories for two critical security vulnerabilities: CVE-2025-7775 (CVSS 4.x: 9.2) and CVE-2025-7776 (CVSS 4.x: 8.8). CVE-2025-7775 is a memory overflow vulnerability that could lead to remote code execution or a DoS attack; CVE-2025-7776 is a memory overflow vulnerability that could lead to unpredictable or erroneous behavior and a DoS attack. Attackers have already been observed exploiting CVE-2025-7775. It is recommended to implement temporary mitigation measures as soon as possible to prevent potential attacks targeting this vulnerability.

Note: The affected NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are End of Life (EoL) products. Citrix recommends upgrading to supported versions.

[Affected Platforms]
● NetScaler ADC and NetScaler Gateway versions prior to (not including) 14.1-47.48
● NetScaler ADC and NetScaler Gateway versions prior to (not including) 13.1-59.22
● NetScaler ADC 13.1-FIPS and NDcPP versions prior to (not including) 13.1-37.241-FIPS and NDcPP
● NetScaler ADC 12.1-FIPS and NDcPP versions prior to (not including) 12.1-55.330-FIPS and NDcPP

[Recommended Action]
Please update to the following versions:
● NetScaler ADC and NetScaler Gateway 14.1-47.48 (inclusive) and later versions
● NetScaler ADC and NetScaler Gateway 13.1-59.22 (inclusive) and later versions
● NetScaler ADC 13.1-FIPS and NDcPP: 13.1-37.241-FIPS and NDcPP (inclusive) and later versions
● NetScaler ADC 12.1-FIPS and NDcPP: 12.1-55.330-FIPS and NDcPP (inclusive) and later versions
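
To check an appliance inventory against the fixed builds listed above, the following added example (not part of the original advisory or any Citrix tooling) classifies a build string as fixed, affected, EoL or unknown. The accepted input shapes, the `classify` name and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed build per branch, taken from the [Recommended Action] list.
# Key: (release branch, is a FIPS/NDcPP build).
FIXED = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
# Non-FIPS branches the advisory's note lists as End of Life.
EOL = {"12.1", "13.0"}

# Assumed input shapes: "14.1-47.48", "13.1-37.241-FIPS and NDcPP",
# or an appliance-style banner such as "NS13.1: Build 59.22.nc".
_BUILD = re.compile(
    r"(?:NS)?(\d+\.\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE
)

def classify(version: str) -> str:
    """Return 'fixed', 'affected', 'eol' or 'unknown' for one build string."""
    m = _BUILD.search(version)
    if not m:
        return "unknown"
    branch = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    # Assumption: FIPS/NDcPP builds carry that marker in the string.
    fips = bool(re.search(r"FIPS|NDcPP", version, re.IGNORECASE))
    fixed = FIXED.get((branch, fips))
    if fixed is None:
        return "eol" if branch in EOL and not fips else "unknown"
    # Compare as integers: as text, "8.50" would sort after "47.48".
    return "fixed" if build >= fixed else "affected"

if __name__ == "__main__":
    # Constructed inventory for illustration, not real hosts.
    inventory = {
        "adc-01": "14.1-8.50",
        "adc-02": "NS13.1: Build 59.22.nc",
        "adc-03": "13.1-37.235-FIPS and NDcPP",
        "gw-01": "13.0-92.21",
    }
    for host, ver in inventory.items():
        print(f"{host}: {ver} -> {classify(ver)}")
```

Anything reported as `affected` or `eol` needs an upgrade to one of the versions listed above; `unknown` means the string did not match an assumed format and should be checked by hand.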

[Reference]
https://www.twcert.org.tw/tw/cp-169-10345-94c2a-1.html
