CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-7775: Packet Panic: Dissecting the Citrix NetScaler IPv6 Memory Overflow (CVE-2025-7775)

Vulnerability ID: CVE-2025-7775
CVSS Score: 9.8
Published: 2025-08-26

A critical memory overflow vulnerability in the core packet processing engine (nsppe) of Citrix NetScaler ADC and Gateway allows unauthenticated remote attackers to execute arbitrary code. The flaw is triggered specifically by manipulated IPv6 traffic reaching load balancer or standard Gateway configurations.

TL;DR

Citrix NetScaler contains a critical memory overflow (CWE-119) in its packet processing engine. Unauthenticated attackers can send malformed IPv6 packets or Gateway requests to trigger a buffer overflow, leading to Remote Code Execution (RCE) with root privileges. This was exploited as a zero-day in the wild.


⚠️ Exploit Status: ACTIVE

Technical Details

  • CWE ID: CWE-119
  • CVSS v3.1: 9.8 (Critical)
  • Attack Vector: Network (Unauthenticated)
  • EPSS Score: 0.12377 (93.69th percentile)
  • Impact: Remote Code Execution (RCE)
  • Exploit Status: Active (Zero-Day)
  • Affected Component: nsppe (Packet Engine)

Affected Systems

  • Citrix NetScaler ADC
  • Citrix NetScaler Gateway
  • NetScaler ADC / Gateway 14.1: < 14.1-47.48 (Fixed in: 14.1-47.48)
  • NetScaler ADC / Gateway 13.1: < 13.1-59.22 (Fixed in: 13.1-59.22)
  • NetScaler ADC 13.1 FIPS: < 13.1-37.241 (Fixed in: 13.1-37.241)
  • NetScaler ADC 12.1 FIPS: < 12.1-55.330 (Fixed in: 12.1-55.330)

Exploit Details

  • Rapid7: Analysis of zero-day exploitation in the wild targeting Gateway configurations.
  • Arctic Wolf: Technical bulletin confirming exploitation and providing detection rules.

Mitigation Strategies

  • Firmware Upgrade
  • Attack Surface Reduction (disable IPv6 where it is not required)
  • Management Interface Isolation

Remediation Steps:

  1. Identify the current firmware version via the GUI or CLI (show version).
  2. Download the appropriate build (e.g., 14.1-47.48) from the Citrix downloads portal.
  3. Backup the current configuration (save ns config) and download a full system backup.
  4. Upload the tgz file to /var/nsinstall and run the installer (./installns).
  5. Reboot the appliance.
  6. Post-reboot: Verify version and inspect /var/log/ns.log for anomalies.
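To make the version checks in steps 1 and 6 repeatable across a fleet, here is an added example (not from the CVE Reports post or from Citrix) in POSIX sh that parses `show version` output and compares the build against the fixed builds listed above. The `show version` line format and the sample output are assumptions/constructed; the fixed build numbers are the ones quoted in this post.

```shell
#!/bin/sh
# Added example: classify a NetScaler build against the fixed builds for
# CVE-2025-7775 quoted in the post. Not Citrix tooling.

# fixed_build <major.minor> <build-major> -> prints the fixed "build.sub" or ""
fixed_build() {
    case "$1:$2" in
        14.1:*)  echo "47.48" ;;   # NetScaler ADC / Gateway 14.1
        13.1:37) echo "37.241" ;;  # NetScaler ADC 13.1 FIPS line (37.x builds)
        13.1:*)  echo "59.22" ;;   # NetScaler ADC / Gateway 13.1
        12.1:55) echo "55.330" ;;  # NetScaler ADC 12.1 FIPS line (55.x builds)
        *)       echo "" ;;        # branch not covered by this advisory
    esac
}

# check_build <release-build>, e.g. 14.1-47.46
# prints PATCHED, VULNERABLE or UNKNOWN
check_build() {
    case "$1" in *-*.*) ;; *) echo UNKNOWN; return ;; esac
    rel=${1%%-*}          # 14.1
    build=${1#*-}         # 47.46
    bmaj=${build%%.*}     # 47
    bsub=${build#*.}      # 46
    fixed=$(fixed_build "$rel" "$bmaj")
    [ -n "$fixed" ] || { echo UNKNOWN; return; }
    fmaj=${fixed%%.*}
    fsub=${fixed#*.}
    if [ "$bmaj" -gt "$fmaj" ] || { [ "$bmaj" -eq "$fmaj" ] && [ "$bsub" -ge "$fsub" ]; }; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# parse_show_version: reads `show version` output on stdin and prints 14.1-47.46.
# Assumed line format: " NetScaler NS14.1: Build 47.46.nc, Date: ..."
parse_show_version() {
    sed -n 's/^[[:space:]]*NetScaler NS\([0-9.]*\): Build \([0-9]*\.[0-9]*\)\..*/\1-\2/p'
}

# Constructed sample of `show version` output (not captured from a real appliance).
sample_output=' NetScaler NS14.1: Build 47.46.nc, Date: Jun 10 2025, 10:00:00   (64-bit)
 Done'
ver=$(printf '%s\n' "$sample_output" | parse_show_version)
echo "$ver: $(check_build "$ver")"    # prints 14.1-47.46: VULNERABLE
```

On an appliance, pipe the real output in with `nscli -U :nsroot:PASSWORD show version | parse_show_version` or paste it from the GUI; an UNKNOWN result means the branch is not in this post's fixed-build list and needs to be checked against the vendor advisory directly.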
