Sep 2, 2025

Citrix NetScaler CVE-2025-7775, CVE-2025-7776, CVE-2025-8424

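Alert regarding a vulnerability (CVE-2025-7775) in Citrix NetScaler ADC and Gateway (08/27-29)

Cloud Software Group reportedly has confirmed exploitation of CVE-2025-7775 among these vulnerabilities.

III. Countermeasures

Cloud Software Group recommends updating to a version that fixes this vulnerability. After sufficient testing, please consider applying the fixed version. For details, see the information provided by the developer under "VI. Reference Information - Vulnerability Information".
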

CITRIX | Support (08/26)

Description of Problem

Multiple vulnerabilities have been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.


Affected Versions

The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities: 

·       NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48

·       NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22

·       NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP

·       NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP

What Customers Should Do

Exploits of CVE-2025-7775 on unmitigated appliances have been observed.

Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible. 

·       NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases

·       NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1

·       NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP

·       NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP

(Underlining and bold emphasis were added by the author of this post.)
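To triage an appliance inventory against the fixed builds listed above, the following is an added example (not code from Citrix, JPCERT/CC, or the original post). It assumes version strings are normalized to the advisory's own notation, such as `14.1-47.48` or `13.1-37.241-FIPS`; the hostnames and sample builds are constructed.

```python
import re

# First fixed build per branch, copied from the advisory's list above.
# Key: (release, is_fips_or_ndcpp) -> (build_major, build_minor)
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Assumed input notation, matching how the advisory writes versions:
# "14.1-47.48" or "13.1-37.241-FIPS" / "13.1-37.241-NDcPP".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)


def triage(version):
    """Classify one version string as fixed / affected / not-listed / unparsed."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    release, major, minor, suffix = m.groups()
    # FIPS/NDcPP builds are numbered separately (13.1-37.x vs 13.1-59.x), so the
    # suffix must pick the branch; comparing across branches gives wrong answers.
    fixed = FIXED_BUILDS.get((release, suffix is not None))
    if fixed is None:
        # Branch is not in the advisory's list: report it, do not guess.
        return "not-listed"
    return "fixed" if (int(major), int(minor)) >= fixed else "affected"


def triage_inventory(inventory):
    """Map each hostname to its status; inventory is {hostname: version}."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE_INVENTORY = {
    "adc-edge-01": "14.1-47.48",
    "adc-edge-02": "14.1-43.50",
    "gw-vpn-01": "13.1-58.32",
    "adc-fips-01": "13.1-37.235-FIPS",
    "adc-old-01": "13.0-92.31",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A `not-listed` result means the branch does not appear in the list quoted above, so it needs a manual check against the vendor bulletin rather than being treated as safe.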

 

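X user nekono_nanomotoni: "A pre-authentication code execution vulnerability in NetScaler (Citrix) ADC/Gateway has been fixed as the zero-day CVE-2025-7775. Surveying the affected devices in operation as of today finds 29901 globally and 374 in Japan, with many assets of major Japanese companies in other countries as well. Compromise investigation methods and the scale of the attacks have not been disclosed. I recommend watching for information closely for about a month. https://t.co/ripqjK9NRh https://t.co/FPUQfragmQ" / X (08/27)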
