Alert issued: Severe weaknesses found in NetScaler ADC and NetScaler Gateway systems
Critical Security Vulnerabilities Discovered in Citrix NetScaler ADC and Gateway
Citrix has identified and addressed critical security vulnerabilities in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products. The vulnerabilities, tracked as CVE-2025-8424 and CVE-2025-7775, affect multiple versions of NetScaler ADC and Gateway, as detailed below.
Affected Versions and Attack Surfaces
The vulnerabilities exist in NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP, and 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP. The attack surfaces include Gateway functionality, AAA virtual servers, load-balancing (LB) virtual servers, cache-redirection (CR) virtual servers, and Secure Private Access on-premises and hybrid deployments.
CVE-2025-8424: Improper Access Control Vulnerability
CVE-2025-8424 is an improper access control vulnerability on the NetScaler management interface, with a CVSS v4.0 base score of 8.7. Exploits of this vulnerability have been observed on unprotected devices, potentially allowing remote code execution or denial of service (DoS). Exploiting CVE-2025-8424 requires access to the NSIP, the cluster management IP, or the local GSLB site IP or SNIP with administrative access.
CVE-2025-7775: Buffer Overflow Vulnerability
CVE-2025-7775 is a buffer overflow vulnerability leading to remote code execution and/or denial of service, with a CVSS v4.0 base score of 9.2.
Remediation and Recommendations
Customers of NetScaler ADC and NetScaler Gateway are advised to install the corresponding updated versions to remediate CVE-2025-8424. The updated versions for NetScaler ADC and NetScaler Gateway are:
- 14.1-47.48 and later releases of 14.1
- 13.1-59.22 and later releases of 13.1
- 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
- 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
Customers can determine whether they have a device configured as one of the affected types by checking their NetScaler configuration for specific strings or, in the case of CVE-2025-7776, by checking their ns.conf file for a specific string.
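As an added, illustrative self-check (not Citrix's tooling and not code from this bulletin), the script below combines the two checks an administrator would run from the information above: it parses a NetScaler build string and compares it against the fixed builds listed in the affected-versions and remediation sections, treating the 12.1 and 13.0 branches as End of Life, and it scans ns.conf text for virtual servers of the types the bulletin names as attack surfaces. The bulletin does not name the configuration strings to look for, so the `add vpn vserver`, `add authentication vserver`, `add lb vserver` and `add cr vserver` prefixes are my own assumption based on standard NetScaler CLI syntax, and the sample ns.conf is constructed for the example.

```python
import re

# Fixed builds per branch, taken from the bulletin text above. The key is
# (branch, variant); variant is "" for the standard branch and "FIPS" or
# "NDcPP" for the certified branches.
FIXED_BUILDS = {
    ("14.1", ""): (47, 48),
    ("13.1", ""): (59, 22),
    ("13.1", "FIPS"): (37, 241),
    ("13.1", "NDcPP"): (37, 241),
    ("12.1", "FIPS"): (55, 330),
    ("12.1", "NDcPP"): (55, 330),
}

# Branches the bulletin marks End of Life: no fixed build exists for them.
EOL_BRANCHES = {"12.1", "13.0"}

# e.g. "14.1-47.48", "13.1-37.241-FIPS", "12.1-55.330-NDcPP"
BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")


def parse_build(build: str):
    """Split a NetScaler build string into (branch, variant, (major, minor))."""
    m = BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    branch, major, minor, variant = m.groups()
    return branch, variant or "", (int(major), int(minor))


def assess_build(build: str) -> str:
    """Return 'fixed', 'vulnerable', 'eol' or 'unknown' for a build string."""
    branch, variant, number = parse_build(build)
    fixed = FIXED_BUILDS.get((branch, variant))
    if fixed is None:
        # Standard 12.1 and any 13.0 build have no fix; they must be migrated.
        return "eol" if branch in EOL_BRANCHES else "unknown"
    return "fixed" if number >= fixed else "vulnerable"


# ns.conf command prefixes that create the vserver types the bulletin lists
# as attack surfaces. Assumption: standard NetScaler CLI syntax; the bulletin
# itself does not state which strings to search for.
EXPOSED_VSERVER_COMMANDS = {
    "add vpn vserver": "Gateway (VPN) virtual server",
    "add authentication vserver": "AAA virtual server",
    "add lb vserver": "load-balancing virtual server",
    "add cr vserver": "cache-redirection virtual server",
}


def find_exposed_vservers(ns_conf: str) -> list[tuple[str, str]]:
    """Return (vserver_name, role) for every matching line in ns.conf text."""
    hits = []
    for raw in ns_conf.splitlines():
        line = raw.strip()
        for prefix, role in EXPOSED_VSERVER_COMMANDS.items():
            if line.startswith(prefix + " "):
                name = line[len(prefix):].split()[0]
                hits.append((name, role))
    return hits


# Constructed sample configuration; not taken from any real appliance.
SAMPLE_NS_CONF = """\
set ns config -IPAddress 10.0.0.10 -netmask 255.255.255.0
add vpn vserver gw_vs SSL 10.0.0.20 443
add authentication vserver aaa_vs SSL 10.0.0.21 443
add lb vserver web_vs HTTP 10.0.0.22 80
add cr vserver cache_vs HTTP 10.0.0.23 80
add server backend1 10.0.1.5
"""


def report(build: str, ns_conf: str) -> dict:
    """Combine both checks into one result an administrator can act on."""
    return {
        "build": build,
        "status": assess_build(build),
        "exposed_vservers": find_exposed_vservers(ns_conf),
    }


if __name__ == "__main__":
    for b in ("14.1-47.46", "14.1-47.48", "13.1-37.240-FIPS", "13.0-92.21"):
        print(b, "->", assess_build(b))
    print(report("14.1-47.46", SAMPLE_NS_CONF))
```

A build that comes back `vulnerable` with any exposed virtual servers is the case the bulletin's remediation section is aimed at; an `eol` result means no patched build exists and the appliance must be moved to a supported branch. The ns.conf scan is deliberately coarse: it flags every LB and CR virtual server for review rather than trying to reproduce vendor-specific exposure conditions the bulletin does not spell out.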
End of Life (EOL) Versions
NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End of Life (EOL) and are no longer supported. Customers running these versions must upgrade to one of the recommended builds to remediate the vulnerabilities.
Citrix's Response
Citrix is informing customers and partners about this potential security issue by publishing a security bulletin on the Citrix Knowledge Center. The organization has since issued an advisory and provided patches to fix these critical vulnerabilities as of August 26, 2025.
In conclusion, it is crucial for NetScaler ADC and Gateway users to update their systems to the recommended builds to protect their devices from potential remote code execution or denial-of-service attacks.