Number: AL25-011
Date: August 27, 2025
Audience
This Alert is intended for IT professionals and managers of notified organizations.
Purpose
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
Details
On August 26, 2025, Citrix published security advisories for critical vulnerabilities, CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, affecting the following products [Footnote 1]:
- NetScaler ADC and NetScaler Gateway 14.1 – versions prior to 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 – versions prior to 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP – versions prior to 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP – versions prior to 12.1-55.330-FIPS and NDcPP
CVE-2025-7775 is a memory overflow vulnerability that could lead to remote code execution and/or a denial of service in NetScaler ADC and NetScaler Gateway.
Further information about the impacted configurations of your appliance can be found in the Citrix advisory [Footnote 1].
CVE-2025-7776 is a memory overflow vulnerability leading to unpredictable or erroneous behaviour and denial of service when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it [Footnote 1].
CVE-2025-8424 is an improper access control vulnerability on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access [Footnote 1].
Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by these vulnerabilities.
NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End-Of-Life (EOL) and no longer supported [Footnote 1].
Citrix reports that exploitation of CVE-2025-7775 against unmitigated appliances has been observed [Footnote 1].
In response to these vulnerabilities, the Cyber Centre released AV25-543 on August 26 [Footnote 2]. CISA added CVE-2025-7775 to their Known Exploited Vulnerabilities (KEV) catalog [Footnote 3] on August 26, 2025.
The Cyber Centre is aware of online interest and speculation about these vulnerabilities and is publishing this Alert out of an abundance of caution.
Suggested actions
The Cyber Centre strongly recommends that organizations using Citrix NetScaler ADC and NetScaler Gateway appliances review the Citrix security bulletins [Footnote 1] and update or upgrade the affected systems to the following versions:
- NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP
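The following is an added example, not code from the Cyber Centre or Citrix: a small inventory triage that compares each appliance's build against the fixed versions listed above and flags the End-Of-Life releases. The function names, the `edition` labels and the accepted version-string shapes are assumptions made for this sketch.

```python
import re

# First fixed build per (release, edition), taken from the list above.
FIXED = {
    ("14.1", "standard"): (47, 48),
    ("13.1", "standard"): (59, 22),
    ("13.1", "fips-ndcpp"): (37, 241),
    ("12.1", "fips-ndcpp"): (55, 330),
}
# Releases the alert names as End-Of-Life (no fixed standard build is listed).
EOL_RELEASES = {"12.1", "13.0"}

# Assumed input shapes: "NS14.1: Build 47.46.nc" or "14.1-47.46".
VERSION_RE = re.compile(r"(\d+\.\d+)\D+?(\d+)\.(\d+)")


def triage(version_string, edition="standard"):
    """Return 'fixed', 'affected', 'eol', 'not-listed' or 'unparsed'.

    The edition must be supplied by the caller: the build number alone
    does not say whether an appliance runs a FIPS/NDcPP image.
    """
    m = VERSION_RE.search(version_string)
    if not m:
        return "unparsed"
    release = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "eol" if release in EOL_RELEASES else "not-listed"
    # Tuple comparison orders builds by major, then minor number.
    return "fixed" if build >= fixed else "affected"


def triage_inventory(rows):
    """rows: iterable of (hostname, version_string, edition)."""
    return {host: triage(ver, ed) for host, ver, ed in rows}


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = [
    ("adc-edge-01", "NetScaler NS14.1: Build 47.46.nc", "standard"),
    ("adc-edge-02", "NS13.1 Build 59.22", "standard"),
    ("adc-fips-01", "13.1-37.238", "fips-ndcpp"),
    ("adc-old-01", "NS13.0 Build 92.31", "standard"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```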
In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security Actions [Footnote 4] and review the Protecting your organization against denial-of-service attacks guidance [Footnote 5].
If activity matching the content of this alert is discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.