[CIVN-2025-0196] Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22
NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP
NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP
Overview
Multiple vulnerabilities have been reported in NetScaler ADC and NetScaler Gateway which could allow an attacker to bypass security restrictions, execute code remotely, or cause a denial of service (DoS) condition on the targeted system.
Target Audience:
All end-user organizations and individuals using NetScaler ADC and NetScaler Gateway.
Risk Assessment:
High risk of unauthorized access to sensitive data and potential compromise.
Impact Assessment:
Remote code execution, Bypass security restrictions, Denial of service (DoS).
Description
NetScaler ADC is a network appliance (hardware, virtual, or cloud-based) designed to optimize, secure, and control application delivery. NetScaler Gateway provides secure remote access to internal applications, desktops, and data.
These vulnerabilities exist in NetScaler ADC and NetScaler Gateway due to improper access control and input handling flaws. An attacker could exploit these vulnerabilities by sending specially crafted network requests to the targeted system.
Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions, execute code remotely, or cause a denial of service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned in:
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
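An added example, not part of the CERT-In advisory or any Citrix tooling: a check of inventory version strings against the fixed builds in the Software Affected list, keeping the FIPS/NDcPP branches separate because their fixed build numbers are lower than the standard 13.1 fix. The `release-build` input format, the `-FIPS`/`-NDcPP` suffix handling, and the sample hostnames and builds are assumptions.

```python
import re

# Fixed builds copied from the "Software Affected" list: (release, edition) -> first fixed build.
FIXED = {
    ("14.1", "standard"): (47, 48),
    ("13.1", "standard"): (59, 22),
    ("13.1", "fips-ndcpp"): (37, 241),
    ("12.1", "fips-ndcpp"): (55, 330),
}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(-FIPS|-NDcPP)?$", re.IGNORECASE)


def classify(version, edition=None):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one version string.

    version: '<release>-<major>.<minor>' as written in the advisory, optionally
             suffixed with -FIPS or -NDcPP (suffix handling is an assumption).
    edition: 'standard' or 'fips-ndcpp'; overrides the suffix when given.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if edition is None:
        edition = "fips-ndcpp" if m.group(4) else "standard"
    fixed = FIXED.get((release, edition))
    if fixed is None:
        # Branch is not in the advisory's list; do not guess either way.
        return "not-listed"
    # Tuple comparison is numeric per component, so 47.9 sorts before 47.48.
    return "affected" if build < fixed else "fixed"


def audit(inventory):
    """Map each (host, version, edition) row to its classification."""
    return {host: classify(version, edition) for host, version, edition in inventory}


if __name__ == "__main__":
    # Constructed inventory; hostnames and builds are sample data.
    sample = [
        ("adc-edge-01", "14.1-43.50", None),
        ("adc-edge-02", "14.1-47.48", None),
        ("adc-fips-01", "13.1-37.241-FIPS", None),
        ("adc-old-01", "13.0-92.31", None),
    ]
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `not-listed` or `unparsed` need a manual check against the vendor bulletin, since the advisory names only the four branches above.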
Vendor Information
Citrix
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
References
Citrix
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
CVE Name
CVE-2025-7775
CVE-2025-7776
CVE-2025-8424
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003