Citrix: Security Vulnerabilities
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
CVSS Score
9.8
EPSS Score
0.002
Published
2025-08-26
CVE-2025-7775
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
(OR)
CR virtual server with type HDX
Known exploited
CVSS Score
9.8
EPSS Score
0.164
Published
2025-08-26
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
9.8
EPSS Score
0.03
Published
2025-06-25
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVSS Score
7.8
EPSS Score
0.0
Published
2025-06-17
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
CVSS Score
7.8
EPSS Score
0.0
Published
2025-06-17
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-17
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Known exploited
CVSS Score
7.5
EPSS Score
0.772
Published
2025-06-17
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
CVSS Score
7.5
EPSS Score
0.001
Published
2025-06-17
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac
CVSS Score
6.1
EPSS Score
0.0
Published
2025-02-20
Page 1