Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Multiple critical vulnerabilities in Citrix NetScaler, Can Be Exploited for Remote Code and DoS Execution, Patch Immediately!
Image
Published : 02/09/2025
Last update: 01/09/2025
Affected products:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP
Type:
- Remote Code Execution and Denial of Service
CVE/CVSS:
- CVE-2025-7775: CVSS 9.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)
- CVE-2025-7776: CVSS 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:L)
- CVE-2025-8424: CVSS 8.7 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)
Sources
Citrix Security Bulletin - https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
Risks
On August 26, Citrix issued a security bulletin warning of three vulnerabilities in NetScaler ADC and NetScaler Gateway. These vulnerabilities enable an attacker to execute code and cause a denial-of-service attack remotely.
Exploitation could severely impact the Confidentiality, Integrity, and Availability of affected systems. Patching NetScaler is the only way to protect your organisation against these vulnerabilities, as there are no available mitigations.
Description
Using the memory overflow vulnerability enumerated as CVE-2025-7775, attackers can gain remote code execution and cause a denial-of-service (DoS) attack in NetScaler instances. For this vulnerability to be exploitable, the instance must be configured as a gateway, AAA virtual server, CR virtual server or LB virtual server. For a detailed overview of the affected configurations, see the Citrix Security Bulletin.
Using the memory overflow vulnerability enumerated as CVE-2025-7776, an attacker can cause unpredictable or erroneous behaviour and a denial-of-service attack. For a NetScaler instance to be affected, it must be configured as a Gateway VPN virtual server (ICA Proxy, CVPN, RDP Proxy) with a PCoIP profile bound to it.
There is an improper access control vulnerability in NetScaler, enumerated as CVE-2025-8424. To exploit this vulnerability, an attacker needs to have access to NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.