Full Report
Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and ensures the reliable availability of applications for businesses. NetScaler Gateway is a secure remote access solution that provides users with single sign-on (SSO) to applications and resources from any device, anywhere. Successful exploitation of these vulnerabilities could lead to remote code execution (RCE) and/or denial of service (DoS).
Analysis Summary
# Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. These vulnerabilities were observed in the wild, with Citrix indicating that exploits of CVE-2025-7775 on unmitigated appliances have been seen.
## Key Points
* Multiple vulnerabilities in NetScaler ADC and NetScaler Gateway could lead to remote code execution (RCE) and/or denial of service (DoS).
* Vulnerabilities include a memory overflow vulnerability leading to pre-auth RCE, another memory overflow vulnerability leading to DoS, and an improper access control vulnerability on the NetScaler management interface.
* Successful exploitation of these vulnerabilities could have significant impacts on affected systems.
## Threat Actors
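- Named actors: None mentioned. Citrix is the vendor, and it reports that exploits of CVE-2025-7775 have been seen on unmitigated appliances.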
- Associated groups/campaigns: None mentioned
- Known motivations: Exploitation for malicious purposes
## TTPs
- **Tactic**: Initial Access (TA0001)
- **Technique**: Exploit Public-Facing Application (T1190)
* A memory overflow vulnerability leading to pre-auth RCE and/or DoS.
* Another memory overflow vulnerability leading to unpredictable or erroneous behavior and DoS.
* An improper access control vulnerability on the NetScaler management interface.
## Affected Systems
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP
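
The version thresholds above can be checked against an appliance inventory. The following is an added example, not part of the advisory or any Citrix tooling. It assumes version strings are recorded in the advisory's `release-build` notation with an optional `-FIPS` or `-NDcPP` suffix, and the hostnames and inventory are constructed sample values.

```python
import re

# First fixed build per branch, copied from the "Affected Systems" list.
# Key: (release, is_fips_or_ndcpp) -> (build_major, build_minor)
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Assumed input notation, as written in the advisory: "14.1-47.48",
# optionally suffixed "-FIPS" or "-NDcPP" for those editions.
VERSION_RE = re.compile(
    r"^\s*(?P<release>\d+\.\d+)-(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?P<edition>-(?:FIPS|NDcPP))?\s*$",
    re.IGNORECASE,
)

def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = VERSION_RE.match(version)
    if m is None:
        return "unparseable"
    branch = (m["release"], m["edition"] is not None)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # Branch is absent from the advisory's list: needs manual review.
        return "not-listed"
    # Integer-pair comparison: 47.9 is older than 47.48 (floats get this wrong).
    build = (int(m["major"]), int(m["minor"]))
    return "affected" if build < fixed else "fixed"

def needs_action(inventory: dict) -> dict:
    """Map hostname -> status for every appliance not confirmed fixed."""
    statuses = {host: classify(ver) for host, ver in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "fixed"}

# Constructed inventory; hostnames and versions are sample values.
SAMPLE_INVENTORY = {
    "adc-edge-01": "14.1-47.46",
    "adc-edge-02": "14.1-47.48",
    "adc-fips-01": "13.1-37.241-FIPS",
    "adc-legacy-01": "13.0-92.21",
}

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Appliances reported as `not-listed` or `unparseable` are kept in the output on purpose, so that a branch missing from the list is reviewed by hand rather than silently treated as safe.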
## Mitigations
- Apply appropriate updates provided by Citrix to vulnerable systems immediately after testing.
- Establish a documented vulnerability management process for enterprise assets, with annual reviews.
- Perform application updates on enterprise assets through automated patch management on a monthly or more frequent basis.
- Perform automated vulnerability scans of internal enterprise assets on a quarterly or more frequent basis.
- Remediate detected vulnerabilities in software through processes and tooling on a monthly or more frequent basis.
## Conclusion
Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, which could allow for remote code execution. It is essential to apply updates provided by Citrix, establish a vulnerability management process, and perform regular patch management and vulnerability scans to mitigate this threat.