Brand ClaimErleben, was verbindet

Advisory 2025-1767 - Citrix Systems ADC and NetScaler Gateway: Multiple Vulnerabilities

Achtung: You can now also find information from the Vulnerability Advisory Service in the CTI portal!
The CTI portal is available at the following address: https://cti-portal.telekom.net/advisories/2025-1767
Notice: This advisory is by exception shown completely public. You will regularly receive details on vulnerability information as a customer via your login or through our daily advisory e-mail.
5
Attack probability
high
5
Potential damage
high
remote anonymous attackerExploit available
Date
2025-08-27
Release
2025-08-27

Operating System

  • Appliance
  • Sonstiges

Software

  • Citrix Systems ADC 12.1-FIPS < 12.1-55.330
  • Citrix Systems ADC 12.1-NDcPP < 12.1-55.330
  • Citrix Systems ADC < 13.1-59.22
  • Citrix Systems ADC 13.1-FIPS < 13.1-37.241
  • Citrix Systems ADC 13.1-NDcPP < 13.1-37.241
  • Citrix Systems ADC < 14.1-47.48
  • Citrix Systems NetScaler Gateway < 13.1-59.22
  • Citrix Systems NetScaler Gateway < 14.1-47.48

Attack

A remote anonymous attacker or an attacker from an adjacent network can exploit multiple vulnerabilities in Citrix Systems ADC and Citrix Systems NetScaler Gateway in order to execute arbitrary code, to gain elevated privileges, to cause a Denial of Service condition or to perform other, unspecified attacks.

Description

Citrix Application Delivery Controller (ADC) is a solution for application provisioning and load balancing. Citrix NetScaler is an integrated solution for acceleration, traffic management and security for web applications. Citrix Access Gateway is a universally deployable SSL-VPN. Advanced Access Control (AAC) enables administrators to define access controls for the Access Gateway.

CVE-2025-7775

There is a vulnerability in Citrix Systems ADC and NetScaler Gateway. Improper restriction of operations within the bounds of a memory buffer leads to a memory overflow vulnerability. The vulnerability only affects specific configurations, including systems configured as Gateway or AAA virtual servers and load balancing virtual servers of types HTTP, SSL, or HTTP_QUIC bound with IPv6 or DBS IPv6 services, as well as content routing virtual servers of type HDX. A remote, anonymous attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service condition. Reports indicate that this vulnerability can be used to deploy webshells and gain persistent backdoor access to targeted organizations.

CVSSv2 Base Score: 7.6 / Temporal Score: 6.6
AV:N/AC:H/AU:N/C:C/I:C/A:C/E:H/RL:OF/RC:ND
CVSSv3.1 Base Score: 9.0 / Temporal Score: 8.6
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:X

CVE-2025-7776

There is a vulnerability in Citrix Systems ADC and NetScaler Gateway. Improper restriction of operations within the bounds of a memory buffer leads to a memory overflow vulnerability. A remote anonymous attacker can exploit this vulnerability to cause a Denial of Service condition and to perform unspecified attacks. The issue is limited to instances where NetScaler is configured as a Gateway virtual server with a PCoIP profile bound to it.

CVSSv2 Base Score: 9.0 / Temporal Score: 6.6
AV:N/AC:L/AU:N/C:P/I:P/A:C/E:U/RL:OF/RC:ND
CVSSv3.1 Base Score: 9.9 / Temporal Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H/E:U/RL:O/RC:X

CVE-2025-8424

There is a vulnerability in Citrix Systems ADC and NetScaler Gateway. This flaw exists due to improper access control in the NetScaler Management Interface. An attacker from an adjacent network with access to NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with management access can exploit this vulnerability to gain elevated privileges.

CVSSv2 Base Score: 8.3 / Temporal Score: 6.2
AV:A/AC:L/AU:N/C:C/I:C/A:C/E:U/RL:OF/RC:ND
CVSSv3.1 Base Score: 9.6 / Temporal Score: 8.3
AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:X

The rating of the risk of this Advisory is based on the maximum values of all vulnerabilities. So the over all value is major than the value of the separate vulnerabilities.

Citrix has confirmed that the vulnerability CVE-2025-7775 is currently being actively exploited in the wild.

Recommendation

Citrix Systems provides updates. Please update your installation and see the vendor's advisory to find the proper version suitable for your environment.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Information

Citrix Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 dated 2025-08-26
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Europa CERT Advisory 2025-033 dated 2025-08-26
https://cert.europa.eu/publications/security-advisories/2025-033/

CISA Known Exploited Vulnerabilities Catalog dated 2025-08-26
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

References

CITRIX:CTX694938
CVE:CVE-2025-7775
CVE:CVE-2025-7776
CVE:CVE-2025-8424
EUVD:EUVD-2025-25838
EUVD:EUVD-2025-25868
EUVD:EUVD-2025-25901
VULNAME:CITRIXBLEED3

Disclaimer

*The probability of an attack is determined by the attacker's motivation, the necessary expend and the possibilities for an attack. The damage probability is determined by the expend needed to resolute the attack and probable indirect consequences of an attack for business processes. Telekom Security assumes worst case scenarios.

Copyright © 1999-2025 Deutsche Telekom Security GmbH. All rights reserved. Reproduction and distribution of this publication in any form - even in parts - without prior written permission is forbidden.

The information contained herein has been obtained from sources believed to be reliable and trusted or have been verified. Telekom Security can take liability for completeness, accuracy and correctness only in so far, as gross negligence or intention create liability. Any liability beyond it, in particular possible damages resulting from using or non-usability of the information contained herein, is excluded.