What is CVE-2025-7776?

CVE-2025-7776 is a vulnerability in Netscaler Adc, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2025-08-26.

Is CVE-2025-7776 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Netscaler Adc

CVE-2025-7776

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (55.0th percentile) — read the EPSS interpretation.

Affected products

Netscaler Adc — versions 14.1, 13.1, 13.1 FIPS and NDcPP
Netscaler Gateway — versions 14.1, 13.1, 13.1 FIPS and NDcPP

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

fox-it/citrix-netscaler-triage

References

support.citrix.com/support-home/kbsearch/article

Frequently asked questions

What is CVE-2025-7776?: CVE-2025-7776 is a vulnerability in Netscaler Adc, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2025-08-26.
Is CVE-2025-7776 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.