Detections
Analytics

NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX694938)

critical Nessus Plugin ID 255232

Language:

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is version 14.1 prior to 14.1-47.48, 13.1 prior to 13.1-59.22, 13.1-FIPS prior to 13.1-37.241-FIPS, or 12.1-FIPS prior to 12.1-55.330-FIPS. It is, therefore, affected by multiple vulnerabilities:

 - Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX (CVE-2025-7775)

 - Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it (CVE-2025-7776)
- Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access (CVE-2025-8424)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to NetScaler ADC or NetScaler Gateway version 13.1-59.22, 14.1-47.48, 12.1-55.330-FIPS, 13.1-37.241-FIPS or later.

See Also

http://www.nessus.org/u?92f23c61

Plugin Details

Severity: Critical

ID: 255232

File Name: netscaler_adc_gateway_CTX694938.nasl

Version: 1.3

Type: combined

Family: CGI abuses

Published: 8/26/2025

Updated: 8/29/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.3

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:P

CVSS Score Source: CVE-2025-7775

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 9.2

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Vulnerability Information

CPE: cpe:/h:citrix:netscaler_application_delivery_controller, cpe:/h:citrix:netscaler_gateway

Required KB Items: Host/NetScaler/Detected

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/26/2025

Vulnerability Publication Date: 8/26/2025

CISA Known Exploited Vulnerability Due Dates: 8/28/2025

Reference Information

CVE: CVE-2025-7775, CVE-2025-7776, CVE-2025-8424

IAVA: 2025-A-0628