CVE-2025-7776
Severity CVSS v4.0:
HIGH
Type:
CWE-119
Buffer Errors
Publication date:
26/08/2025
Last modified:
03/09/2025
Description
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
Impact
Base Score 4.0
8.80
Severity 4.0
HIGH
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | 12.1 (including) | 12.1-55.330 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* | 12.1 (including) | 12.1-55.330 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | 13.1 (including) | 13.1-37.241 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* | 13.1 (including) | 13.1-37.241 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 13.1 (including) | 13.1-59.22 (excluding) |
| cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | 14.1 (including) | 14.1-47.48 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 13.1 (including) | 13.1-59.22 (excluding) |
| cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | 14.1 (including) | 14.1-47.48 (excluding) |
To consult the complete list of CPE names with products and versions, see this page