National Cyber Warfare Foundation (NCWF)

Citrix fixed three NetScaler flaws, one of them actively exploited in the wild
0 user ratings		2025-08-26 19:43:49
milo
Blue Team (CND)
Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed.” […


Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild.





Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild.





“Exploits of CVE-2025-7775 on unmitigated appliances have been observed.” reads the advisory.





Below is the description for these vulnerabilities:






  • CVE-2025-7775 (CVSS score: 9.2) – Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service. Pre-conditions for exploitation: NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers; NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers; or CR virtual server with type HDX




  • CVE-2025-7776 (CVSS score: 8.8) – Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service. Pre-conditions for exploitation: NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it. 




  • CVE-2025-8424 (CVSS score: 8.7) – Improper access control on the NetScaler Management Interface. Pre-conditions for exploitation: Access to NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access.





The company did not provide details about the attacks that exploited the flaw CVE-2025-7775.





Cloud Software Group urges NetScaler ADC and NetScaler Gateway customers to promptly update to secure versions: 14.1-47.48+, 13.1-59.22+, 13.1-FIPS/NDcPP 13.1-37.241+, and 12.1-FIPS/NDcPP 12.1-55.330+. Installing these updates is critical to mitigate security risks.





The vendor states that no workarounds are available.





The researchers Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and François Hämmerli reported the vulnerabilities.





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/181567/hacking/citrix-fixed-three-netscaler-flaws-one-of-them-actively-exploited-in-the-wild.html

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Blue Team (CND)


Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.