Critical security update announced for NetScaler Gateway and NetScaler
Summary
Cloud Software Group released builds on August 26, 2025, to address three security vulnerabilities. NetScaler Gateway & NetScaler is affected by CVE-2025-7775, which has a CVSS score of 9.2. CVE-2025-7776 impacts NetScaler Gateway (CVSS 8.8), CVE-2025-8424 impacts NetScaler (CVSS 8.7).
CISA Known Exploited Vulnerability
- Listed:
- Aug 26, 2025 · federal remediation due Aug 28, 2025
- Required action:
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS
- NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS
Official advisory · high-confidence parse· fetched 5 days ago·verify at source
- 14.1-47.48
- 13.1-59.22
- 13.1-37.241-FIPS
- 12.1-55.330-FIPS
- 13.1-37.241
- 12.1-55.330
Official advisory · high-confidence parse· fetched 5 days ago·verify at source
Mitigation checklist
- Upgrade to a fixed build: 14.1-47.48, 13.1-59.22, 13.1-37.241-FIPS, 12.1-55.330-FIPS, 13.1-37.241, 12.1-55.330 or later for your release line.
- As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the fix as there are no mitigations available to protect against a potential exploit.
- If access to NetScaler console isn’t gated by IDAM solutions or if local authentication is still being used, CSG strongly recommends customers to consider using IDAM solutions and disabling local authentication.
- Additionally, NetScaler secure deployment practices recommend that NSIP not be exposed to the internet.
Official advisory · high-confidence parse· fetched 5 days ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.