MS-ISAC consultancy number:
2025-079
Published date (s):
08/27/2025
PREVIEW:
Several vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow the execution of remote code.
- NetScaler ADC is a networking product that works as an application delivery controller (ADC), a tool that optimizes, secures and ensures the reliable availability of applications for companies.
- Netscaling Gateway is a secure remote access solution that provides users with a single connection (SSO) to any device applications and resources.
Successful exploitation of these vulnerabilities could lead to the execution of the code remote (RCE) and / or the denial of service (back)
Threat intelligence:
Citrix indicates that CVE-2025-7775 exploits on unmized devices have been observed in the wild.
Affected systems:
- NetScaler ADC and NetScaler Gateway14.1BEFORE 14.1-47.48
- NetScaler ADC and NetScaler Gateway13.1BEFORE 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP
Large and medium government entities
Small government
Large and medium business entities
Small business entities