Security Bulletin: Citrix NetScaler Memory Overflow Remote Code Execution Vulnerability

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.

VULNERABILITIES

Citrix NetScaler Memory Overflow Remote Code Execution Vulnerability

CVSS Score: 9.2 (Critical) 
Identifier: CVE-2025-7775
Exploit or POC:  Yes — Actively exploited in the wild. Exploits have been observed.
Update:   CVE-2025-7775 – Citrix Security Advisory

Description: 

CVE-2025-7775 is a critical memory overflow vulnerability in NetScaler ADC and NetScaler Gateway appliances. The flaw can lead to unauthenticated remote code execution (RCE) and/or denial of service (DoS) when NetScaler is configured as a Gateway (such as VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or an AAA virtual server. Additional configurations impacted include:

• Load balancing virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services or service groups tied to IPv6 servers
• DBS IPv6 service bindings
• Cache redirection virtual servers of type HDX

Affected Versions:

• NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48
• NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22
• NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP
• NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP
  
  

Mitigation Recommendation: 

Apply the latest updates immediately for the NetScaler ADC/Gateway appliance per Citrix advisory.

There are no available mitigations or workarounds — patching is the only protection.

Follow CISA's KEV directive: this vulnerability is included in the Known Exploited Vulnerabilities catalog with a required remediation deadline of August 28, 2025.