Critical memory overflow vulnerability in NetScaler ADC and Gateway allowing unauthenticated remote code execution. Active zero-day exploitation confirmed against internet-facing appliances with CISA KEV listing.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-08-26
Added to CISA KEV: 2025-08-26 0 DAY BETWEEN CVE AND KEV
NetScaler has fixed 3 vulnerabilities in its ADC and Gateway devices, one of which (CVE-2025-7775) has been exploited in zero-day attacks.
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or ...
Exploits of CVE-2025-7775 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC ...
Exploits of CVE-2025-7775 on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.
CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 8/26/2025 9:00:02 PM