CVE-2025-7776
Last modified
CVE-2025-7776 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it. EPSS estimates a 6.66% chance of exploitation in the next 30 days.
Description
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Citrix | Netscaler Application Delivery Controller | >= 12.1, < 12.1-55.330 |
| Citrix | Netscaler Application Delivery Controller | >= 13.1, < 13.1-37.241 |
| Citrix | Netscaler Application Delivery Controller | >= 13.1, < 13.1-59.22 |
| Citrix | Netscaler Application Delivery Controller | >= 14.1, < 14.1-47.48 |
| Citrix | Netscaler Gateway | >= 13.1, < 13.1-59.22 |
| Citrix | Netscaler Gateway | >= 14.1, < 14.1-47.48 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-7776?
How severe is CVE-2025-7776?
How do I fix CVE-2025-7776?
Are you affected by CVE-2025-7776?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST