CVE-2025-7775

ENISA EUVD: EUVD-2025-25838 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 5 articles Published: 2025-08-26

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

7.79%

probability

This CVE has a 7.79% probability of being exploited in the next 30 days.

0% Top 92.1th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)

9.2

CRITICAL

Attack Vector

Network

Attack Complexity

High

Attack Requirements

Present

Privileges Required

None

User Interaction

None

Vulnerable System Confidentiality Impact

High

Vulnerable System Integrity Impact

High

Vulnerable System Availability Impact

High

Subsequent System Confidentiality Impact

Low

Subsequent System Integrity Impact

Low

Subsequent System Availability Impact

Low

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CVSS v3.1

Source: NVD

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

Affected Products

NetScaler

ADC

14.1 13.1 13.1 FIPS and NDcPP 12.1 FIPS and NDcPP

NetScaler

Gateway

14.1 13.1 13.1 FIPS and NDcPP 12.1 FIPS and NDcPP

citrix

netscaler application delivery controller

citrix

netscaler gateway

NetScaler

Gateway

14.1 <47.48

NetScaler

ADC

13.1 FIPS and NDcPP <37.241

NetScaler

Gateway

13.1 FIPS and NDcPP <37.241

NetScaler

Gateway

13.1 <59.22

NetScaler

ADC

12.1 FIPS and NDcPP <55.330

NetScaler

ADC

14.1 <47.48

NetScaler

Gateway

12.1 FIPS and NDcPP <55.330

NetScaler

ADC

13.1 <59.22

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime

Exploits & PoC

swabird/CVE-2025-7775-PoC

4 2025-08-28

rxerium/CVE-2025-7775

Detection for CVE-2025-7775

2 2025-10-14

mr-r3b00t/CVE-2025-7775

Version detection PowerShell

1 2025-09-02

Aaqilyousuf/CVE-2025-7775-vulnerable-lab

0 2025-08-30

4 repos — triés par ⭐ Rechercher sur GitHub ↗

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Signal Intelligence

Confidenceⓘ

85%

EPSS 7.79%

CVSS v4.0 9.2

CVSS v3.1 9.8

Mentions 5

Last Seen Mar 24, 2026

CNA Information

CNA Assigner

Citrix

CNA Title

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service

Analyst Note

BleepingComputer article explicitly states 'exploited in zero-day attacks' for this NetScaler RCE flaw. CVE published 2025-08-26 with simultaneous disclosure of active exploitation, meeting the core zero-day criterion of exploitation preceding or coinciding with patch availability.