CVE-2025-7776

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

Basic Information

CVE State: PUBLISHED
Reserved Date: July 17, 2025
Published Date: August 26, 2025
Last Updated: August 27, 2025
Vendor: NetScaler
Product: ADC, Gateway
Description: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

CVSS Scores

CVSS v4.0

8.8 - HIGH

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L

SSVC Information

Exploitation: none
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-08-28 11:25:26 UTC) Source

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-08-28 11:25:26 UTC

Timeline

CVE ID Reserved

July 17, 2025
CVE Published to Public

August 26, 2025
Added to KEVIntel

August 28, 2025