Web Application Security090502427 - Citrix.NetScaler.ADC.Gateway.CVE-2025-7775.RCE
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Citrix NetScaler ADC and NetScaler Gateway.
The vulnerability is due to insufficient validation when processing a user-supplied HTTP request parameter. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.
Affected Products
NetScaler ADC and NetScaler Gateway 14.1 versions prior to 14.1-47.48
NetScaler ADC and NetScaler Gateway 13.1 versions prior to 13.1-59.22
NetScaler ADC 13.1-FIPS and NDcPP versions prior to 13.1-37.241-FIPS and NDcPP
NetScaler ADC 12.1-FIPS and NDcPP versions prior to 12.1-55.330-FIPS and NDcPP
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-09-15 | 0.00410 |
New
|
| ID | 1090502427 |
| Created | Sep 15, 2025 |
| Updated | Sep 15, 2025 |
| CVE ID | |
| Tags | Threat Signal |
| Risk |
|
| Default Action | pass |
| Active | |
| Affected OS | Linux |
| Affected App | Other |
| Engine Version | 5.0.0 or later |