Defense Digests

Citrix NetScaler Memory Overflow Vulnerability (CVE-2025-7776) Rated 8.8 High

Vulnerabilities:

CVE-2025-7776 – 8.8 High

Executive Summary

Citrix has issued patches for a high-severity flaw tracked as CVE-2025-7776. The bug affects NetScaler ADC and NetScaler Gateway appliances when a PCoIP Profile is bound to a Gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy). This vulnerability is a memory overflow that can cause devices to behave unpredictably or stop responding. While there is no evidence of exploitation at this time, its CVSS 4.0 rating of 8.8 means organizations should remediate quickly.

Details 

  • The issue is limited to deployments using a PCoIP Profile on a Gateway configuration. 
  • Improper memory handling creates conditions where crafted requests could crash or disrupt service. 
  • Versions impacted: NetScaler ADC and Gateway builds that predate the fixed security builds. That means 14.1 builds older than 14.1-47.48, 13.1 builds older than 13.1-59.22, and the FIPS/NDcPP editions of 13.1 and 12.1 on builds older than 13.1-37.241 and 12.1-55.330 respectively. Organizations running these builds should apply the latest updates promptly to reduce exposure.

Impact 

  • Gateway services could become unstable or unavailable, affecting remote work and secure access. 
  • Because only systems with PCoIP Profiles are exposed, the number of vulnerable deployments is smaller but still significant. 
  • Even though exploitation has not been observed, the potential for disruption requires immediate action. 

Mitigation Strategies 

  1. Review configurations by checking the ns.conf file for Gateway entries that reference PCoIP Profiles.
  2. Apply the latest patches released by Citrix (upgrade to fixed releases 14.1-47.48, 13.1-59.22, 13.1-37.241 (FIPS/NDcPP), or 12.1-55.330 (FIPS/NDcPP)).
  3. If the appliances are managed via NetScaler Console, run a CVE-2025-7776 scan from its advisory dashboard.

Contributing Author
Benjamin Kalombo – Cybersecurity Analyst II
