Vulners
Lucene search
NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX694938)
| Reporter | Title | Published | Views | Family All 42 |
|---|---|---|---|---|
 | Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller | 28 Aug 202507:22 | – | githubexploit |
| Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller | 31 Aug 202517:05 | – | githubexploit |
 | CVE-2025-8424 | 26 Aug 202513:11 | – | attackerkb |
 | CVE-2025-7775 | 26 Aug 202511:58 | – | circl |
| CVE-2025-7776 | 26 Aug 202512:04 | – | circl |
| CVE-2025-8424 | 26 Aug 202512:04 | – | circl |
 | Citrix NetScaler Memory Overflow Vulnerability | 26 Aug 202500:00 | – | cisa_kev |
 | CISA Adds One Known Exploited Vulnerability to Catalog | 26 Aug 202512:00 | – | cisa |
 | Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞 | 26 Aug 202500:00 | – | cnnvd |
| Citrix Systems ADC and NetScaler Gateway 安全漏洞 | 26 Aug 202500:00 | – | cnnvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(255232);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");
script_cve_id("CVE-2025-7775", "CVE-2025-7776", "CVE-2025-8424");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/08/28");
script_xref(name:"IAVA", value:"2025-A-0628-S");
script_name(english:"NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX694938)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is
version 14.1 prior to 14.1-47.48, 13.1 prior to 13.1-59.22, 13.1-FIPS prior to 13.1-37.241-FIPS, or 12.1-FIPS
prior to 12.1-55.330-FIPS. It is, therefore, affected by multiple vulnerabilities:
- Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC
and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP
Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB
virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6
servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type
(HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR
virtual server with type HDX (CVE-2025-7775)
- Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in
NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA
Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it (CVE-2025-7776)
- Improper access control on the NetScaler Management Interface in NetScaler ADCâ¯and NetScaler Gateway when
an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with
Management Access (CVE-2025-8424)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?92f23c61");
script_set_attribute(attribute:"solution", value:
"Upgrade to NetScaler ADC or NetScaler Gateway version 13.1-59.22, 14.1-47.48, 12.1-55.330-FIPS, 13.1-37.241-FIPS or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-7775");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/08/26");
script_set_attribute(attribute:"patch_publication_date", value:"2025/08/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/26");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/h:citrix:netscaler_gateway");
script_set_attribute(attribute:"cpe", value:"cpe:/h:citrix:netscaler_application_delivery_controller");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("citrix_netscaler_detect.nbin");
script_require_keys("Host/NetScaler/Detected");
exit(0);
}
include('vcf_extras_netscaler.inc');
var app_info = vcf::citrix_netscaler::get_app_info();
var constraints;
if (app_info['fips_status'] == 1)
constraints = [
{'fips':TRUE, 'min_version': '12.1', 'fixed_version': '12.1.55.330', 'fixed_display':'12.1-55.330-FIPS'},
{'fips':TRUE, 'min_version': '13.1', 'fixed_version': '13.1.37.241', 'fixed_display':'13.1-37.241-FIPS'}
];
else
constraints = [
{'min_version': '12.1', 'fixed_version': '12.9999999',
'fixed_display': '12.1 is now End Of Life (EOL) and is vulnerable. Upgrade to a supported fixed release.'},
{'min_version': '13.0', 'fixed_version': '13.0.9999999',
'fixed_display': '13.0 is now End Of Life (EOL) and is vulnerable. Upgrade to a supported fixed release.'},
{'min_version': '13.1', 'fixed_version': '13.1.59.22', 'fixed_display': '13.1-59.22'},
{'min_version': '14.1', 'fixed_version': '14.1.47.48', 'fixed_display': '14.1-47.48'}
];
vcf::citrix_netscaler::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Jan 2026 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.19.8
CVSS 49.2
EPSS0.0779
SSVC