Back to KEVs

CVE-2025-7775

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service

Basic Information

CVE State
PUBLISHED
Reserved Date
July 17, 2025
Published Date
August 26, 2025
Last Updated
February 26, 2026
Vendor
NetScaler
Product
ADC, Gateway
Description
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
Tags
cisa

CVSS Scores

CVSS v4.0

9.2 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 10:39:36 UTC) Source

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 10:39:36 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel