9.8
CVE-2025-7775
- EPSS 7.3%
- Published 26.08.2025 13:15:32
- Last modified 27.08.2025 14:26:22
- Source secure@citrix.com
- Teams watchlist Login
- Open Login
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.330
Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 12.1 < 12.1-55.330
Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.241
Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 13.1 < 13.1-37.241
Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-59.22
Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-47.48
Citrix ≫ NetScaler Gateway Version >= 13.1 < 13.1-59.22
Citrix ≫ NetScaler Gateway Version >= 14.1 < 14.1-47.48
26.08.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Citrix NetScaler Memory Overflow Vulnerability
VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
DescriptionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Required actions26.08.2025: CERT.at Warnung
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.3% | 0.913 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| secure@citrix.com | 9.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.