Cloud Software Group has issued an urgent security bulletin addressing three critical vulnerabilities affecting NetScaler ADC and NetScaler Gateway products, with one vulnerability already being actively exploited in the wild.
The vulnerabilities, tracked as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, pose significant risks to organizations relying on these network infrastructure components for application delivery and secure remote access.
Active Exploitation of Memory Overflow Flaw
The most severe vulnerability, CVE-2025-7775, carries a CVSS v4.0 base score of 9.2 and enables attackers to achieve remote code execution or denial of service through memory overflow conditions.
Cloud Software Group has confirmed that exploits targeting this vulnerability on unmitigated appliances have already been observed, making immediate patching a critical priority for affected organizations.
The vulnerability affects NetScaler instances configured as Gateway services (VPN virtual servers, ICA Proxy, CVPN, RDP Proxy), AAA virtual servers, or load balancing virtual servers bound with IPv6 services.
The weakness, classified as CWE-119 (improper restriction of operations within the bounds of a memory buffer), allows network-based attackers to execute arbitrary code without authentication, making it particularly dangerous for internet-facing deployments.
CVE-2025-7776 presents another memory overflow vulnerability with a CVSS score of 8.8, specifically targeting NetScaler Gateway configurations with PCoIP profiles.
While this vulnerability primarily leads to denial of service rather than code execution, it can cause unpredictable system behavior that disrupts critical network services.
Management Interface Access Control Bypass
The third vulnerability, CVE-2025-8424, is an improper access control issue within the NetScaler Management Interface, scoring 8.7 on the CVSS v4.0 scale.
This vulnerability affects access to NSIP (NetScaler IP), Cluster Management IP, local GSLB Site IP, or SNIP with Management Access, potentially allowing adjacent network attackers to gain unauthorized administrative access to NetScaler appliances.
| CVE Identifier | CVSS Score | Attack Vector | Primary Impact | Authentication Required |
|---|---|---|---|---|
| CVE-2025-7775 | 9.2 | Network | RCE/DoS | No |
| CVE-2025-7776 | 8.8 | Network | DoS | No |
| CVE-2025-8424 | 8.7 | Adjacent Network | Privilege Escalation | No |
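The bulletin describes exposure in terms of configuration objects: Gateway virtual servers (ICA Proxy, CVPN and RDP Proxy are all modes of a VPN vserver), AAA virtual servers, load balancing vservers bound to IPv6 services, PCoIP profiles on a Gateway vserver, and management-enabled addresses. The following script is an added example, not part of the bulletin or of Cloud Software Group's tooling; it walks an ns.conf-style dump and lists which of those preconditions are present. The sample configuration is constructed, and the command syntax it assumes (`add vpn vserver`, `add authentication vserver`, `add lb vserver`, `add service`, `bind lb vserver`, `add vpn pcoipVserverProfile`, `add ns ip ... -mgmtAccess ENABLED`) is the author's understanding of NetScaler CLI syntax, to be checked against a real configuration. Only SNIPs with management access are reported for CVE-2025-8424; the NSIP, Cluster Management IP and GSLB site IPs named in the bulletin always carry management access and are assumed in scope.

```python
"""Triage an ns.conf for the configurations named in the NetScaler bulletin.

Added example, not from the bulletin or from Cloud Software Group.  Command
syntax below is assumed (see lead-in); verify against your own appliance.
"""
import ipaddress
import shlex

# Constructed sample configuration (not taken from any real appliance).
SAMPLE_NS_CONF = """
add ns ip 10.0.0.5 255.255.255.0 -type SNIP -mgmtAccess ENABLED
add ns ip 10.0.0.6 255.255.255.0 -type SNIP
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add lb vserver web_v6 HTTP 2001:db8::1 80
add lb vserver web_v4 HTTP 198.51.100.20 80
add service app_v6 2001:db8::10 HTTP 8080
add service app_v4 198.51.100.30 HTTP 8080
bind lb vserver web_v6 app_v6
bind lb vserver web_v4 app_v4
add vpn pcoipVserverProfile pcoip_prof -loginDomain corp.example
set vpn vserver gw_vs -pcoipVserverProfileName pcoip_prof
"""


def is_ipv6(addr):
    """True if addr parses as an IPv6 address."""
    try:
        return ipaddress.ip_address(addr).version == 6
    except ValueError:
        return False


def triage(conf_text):
    """Return {CVE id: [human-readable finding, ...]} for one ns.conf dump."""
    findings = {"CVE-2025-7775": [], "CVE-2025-7776": [], "CVE-2025-8424": []}
    services_v6 = set()      # service names whose backend address is IPv6
    lb_bindings = {}         # lb vserver name -> [bound service names]

    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        if tok[:3] == ["add", "vpn", "vserver"]:
            # Any Gateway vserver (VPN, ICA Proxy, CVPN, RDP Proxy) is in scope.
            findings["CVE-2025-7775"].append(f"Gateway vserver {tok[3]}")
        elif tok[:3] == ["add", "authentication", "vserver"]:
            findings["CVE-2025-7775"].append(f"AAA vserver {tok[3]}")
        elif tok[:3] == ["add", "lb", "vserver"]:
            lb_bindings.setdefault(tok[3], [])
        elif tok[:2] == ["add", "service"] and len(tok) > 3 and is_ipv6(tok[3]):
            services_v6.add(tok[2])
        elif (tok[:3] == ["bind", "lb", "vserver"] and len(tok) >= 5
              and not tok[4].startswith("-")):
            # "bind lb vserver <vs> <service>"; policy binds start with "-".
            lb_bindings.setdefault(tok[3], []).append(tok[4])
        elif tok[:3] == ["set", "vpn", "vserver"] and "-pcoipVserverProfileName" in tok:
            findings["CVE-2025-7776"].append(
                f"Gateway vserver {tok[3]} with PCoIP profile")
        elif tok[:3] == ["add", "ns", "ip"] and "-mgmtAccess" in tok:
            i = tok.index("-mgmtAccess")
            if i + 1 < len(tok) and tok[i + 1].upper() == "ENABLED":
                findings["CVE-2025-8424"].append(
                    f"SNIP {tok[3]} with management access")

    # LB vservers count only when bound to at least one IPv6 service.
    for name, svcs in lb_bindings.items():
        v6 = [s for s in svcs if s in services_v6]
        if v6:
            findings["CVE-2025-7775"].append(
                f"LB vserver {name} bound to IPv6 service(s) {', '.join(v6)}")
    return findings


if __name__ == "__main__":
    for cve, hits in triage(SAMPLE_NS_CONF).items():
        print(cve, "->", hits or "no matching configuration")
```

Feed it the output of `show ns runningConfig` (or the saved ns.conf) from each appliance; an empty list for a CVE means none of the bulletin's preconditions for it were found in that configuration, not that the appliance is patched.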
Cloud Software Group strongly urges immediate deployment of updated versions across all affected NetScaler installations.
The recommended patches include NetScaler ADC and Gateway 14.1-47.48, 13.1-59.22, and corresponding FIPS/NDcPP releases 13.1-37.241 and 12.1-55.330.
Organizations running end-of-life versions 12.1 and 13.0 should prioritize migration to supported releases that address these vulnerabilities.
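To turn the fixed-build list into a check that can be run across an estate, the following added example (not from the bulletin or from Cloud Software Group) compares a `show ns version` string with the builds named above. The fixed builds come from the bulletin; the version-string format (`NS14.1: Build 47.46.nc`) and the assumption that the 13.1 37.x and 12.1 55.x build trains are the FIPS/NDcPP releases are the author's.

```python
"""Compare a NetScaler version string with the fixed builds in the bulletin.

Added example, not from the bulletin or from Cloud Software Group.  Fixed
builds are those the bulletin lists; the version-string format and the
train-to-FIPS mapping are assumptions documented in the comments.
"""
import re

# Fixed builds per release, keyed by build train ("default" = mainline).
FIXED = {
    "14.1": {"default": (47, 48)},
    "13.1": {"default": (59, 22), "37": (37, 241)},   # 37.x assumed FIPS/NDcPP train
    "12.1": {"55": (55, 330)},                        # 55.x assumed FIPS train; rest is EOL
}
END_OF_LIFE = {"12.1", "13.0"}

# Assumed format of `show ns version` output, e.g. "NetScaler NS14.1: Build 47.46.nc".
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(text):
    """Return (release, train, build) from a version string, e.g. ("14.1", 47, 46)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(text):
    """Classify a version string as patched, vulnerable, end-of-life or unknown."""
    release, train, build = parse_version(text)
    by_train = FIXED.get(release, {})
    # A train with its own fixed build (FIPS/NDcPP) is compared within that
    # train; anything else is compared against the mainline fixed build, so an
    # older FIPS train still reports as vulnerable (with the mainline target).
    fixed = by_train.get(str(train)) or by_train.get("default")
    if fixed is None:
        if release in END_OF_LIFE:
            return "end-of-life: migrate to a supported release"
        return "unknown release: check the bulletin"
    if (train, build) >= fixed:
        return "patched"
    return f"vulnerable: upgrade to {release}-{fixed[0]}.{fixed[1]}"


if __name__ == "__main__":
    # Constructed sample strings, not collected from real appliances.
    for sample in ("NetScaler NS14.1: Build 47.46.nc",
                   "NetScaler NS13.1: Build 59.22.nc",
                   "NetScaler NS13.0: Build 92.21.nc"):
        print(sample, "->", assess(sample))
```

Because the comparison is a tuple of (train, build), a later mainline train such as a future 13.1-60.x is reported as patched without editing the table, while a 13.1 build below 59.22 that is not on the 37.x train is reported as vulnerable.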
The security bulletin acknowledges security researchers Jimi Sebree from Horizon3.ai, Jonathan Hetzer from Schramm & Partner, and François Hämmerli for their responsible disclosure efforts.
The timing of this disclosure, combined with confirmed active exploitation, underscores the critical importance of rapid patch deployment across enterprise NetScaler deployments to prevent potential compromise of network infrastructure and sensitive data access.