Citrix fastened three NetScaler ADC and NetScaler Gateway flaws at present, together with a important distant code execution flaw tracked as CVE-2025-7775 that was actively exploited in assaults as a zero-day vulnerability.
The CVE-2025-7775 flaw is a reminiscence overflow bug that may result in unauthenticated, distant code execution on susceptible units.
In an advisory launched at present, Citrix states that this flaw was noticed being exploited in assaults on unpatched units.
“As of August 26, 2025 Cloud Software program Group has purpose to consider that exploits of CVE-2025-7775 on unmitigated home equipment have been noticed, and strongly recommends prospects to improve their NetScaler firmware to the variations containing the repair as there are not any mitigations out there to guard towards a possible exploit.,” reads a weblog submit in regards to the flaw.
Whereas Citrix has not shared indicators of compromise or another data that could possibly be used to find out if units have been exploited, they did share that units have to be configured in one of many following configurations to be susceptible:
- NetScaler have to be configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or AAA digital server
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of sort (HTTP, SSL or HTTP_QUIC) sure with IPv6 providers or servicegroups sure with IPv6 servers
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of sort (HTTP, SSL or HTTP_QUIC) sure with DBS IPv6 providers or servicegroups sure with IPv6 DBS servers
- CR digital server with sort HDX
In an advisory launched at present, Citrix shared configuration settings that may be checked to find out in case your NetScaler machine is utilizing one of many above configurations.
BleepingComputer contacted Citrix and Cloud Software program Group with questions in regards to the exploitation of CVE-2025-7775 and can replace our story if we obtain a reply.
Along with the RCE flaw, at present’s replace additionally addresses a reminiscence overflow vulnerability that would result in denial of service, tracked as CVE-2025-7776, and improper entry management on the NetScaler Administration Interface, tracked as CVE-2025-8424.
The issues affect the next variations:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP
As there are not any mitigations, Citrix “strongly recommends” admins set up the most recent updates as quickly as potential.
Citrix says the failings have been disclosed by Jimi Sebree of Horizon3.ai, Jonathan Hetzer, of Schramm & Partnerfor and François Hämmerli. Nevertheless, it’s unclear who found what bug.
In June, Citrix disclosed an out-of-bounds reminiscence learn vulnerability tracked as CVE-2025-5777 and dubbed “Citrix Bleed 2,” which permits attackers to entry delicate data saved in reminiscence.
This flaw was actively exploited almost two weeks earlier than proof-of-concept (PoC) exploits have been launched in July, regardless of Citrix stating that there was no proof of assaults on the time.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
