🔴 CVE-2025-7775

Critical memory overflow vulnerability in NetScaler ADC and Gateway allowing unauthenticated remote code execution. Active zero-day exploitation is confirmed against internet-facing appliances, and the CVE is listed in the CISA KEV catalog.

Risk Level: HIGH_RISK

CVSS Score: 9.2

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-26

Added to CISA KEV: 2025-08-26 (0 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

CVE-2025-7775 is a critical memory overflow vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway. Here's what is known about its exploitation:

1. Impact on Internet-Facing Applications/Services:

  • The vulnerability specifically targets internet-facing Citrix NetScaler ADC and NetScaler Gateway appliances [1][2]. Many of these devices remain unpatched [1].
2. Evidence of Active Exploitation:
  • There is confirmed evidence of active exploitation of CVE-2025-7775 in the wild as a zero-day vulnerability [3][4]. Citrix, CISA, and various security researchers have observed exploits on unmitigated appliances [3][4].
3. Attack Vectors and Exploitation Methods:
  • The vulnerability is a memory overflow flaw that can lead to unauthenticated remote code execution (RCE) and/or denial of service (DoS) [1][5].
  • It can be exploited when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server [2].
  • It can also be exploited when NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS, and NDcPP have LB virtual servers of type (HTTP, SSL, or HTTP_QUIC) bound with IPv6 services [2].
4. Targeted Attacks:
  • The vulnerability has been targeted in zero-day attacks [6][7]. While specific threat actor groups are not explicitly named, the rapid exploitation suggests sophisticated attackers [6][7].
5. CISA Known Exploited Vulnerabilities (KEV) Status:
  • CVE-2025-7775 has been added to CISA's Known Exploited Vulnerabilities Catalog [5][8], indicating observed active exploitation and a high priority for remediation [8].
6. Technical Details About Internet Exploitability:
  • The vulnerability is a memory overflow, allowing for pre-authentication remote code execution [1][5]. Its critical severity (CVSS 9.2) and unauthenticated nature make it highly exploitable over the internet, particularly against the widely deployed and often unpatched NetScaler devices [1].

Sources

  1. NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775 ...

    NetScaler has fixed 3 vulnerabilities in its ADC and Gateway devices, one of which (CVE-2025-7775) has been exploited in zero-day attacks.

  2. CVE-2025-7775 | Tenable®

    Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS…

  3. Security Bulletin - CITRIX | Support

    Exploits of CVE-2025-7775 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC ...

  4. NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775 ...

    Exploits of CVE-2025-7775 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.

  5. CVE-2025-7775 - NVD

    CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 8/26/2025 9:00:02 PM…