Netscaler Application Delivery Controller
CVE-2025-7776
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
AnalysisAI
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it Affected products include: Citrix Netscaler Application Delivery Controller, Citrix Netscaler Gateway.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended
Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a
Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler
Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated atta
Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that prod
Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli
Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network
Same weakness CWE-119 – Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today