Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks


Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.

The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices.

In an advisory released today, Citrix states that this flaw was observed being exploited in attacks on unpatched devices.

“As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the fix as there are no mitigations available to protect against a potential exploit,” reads a blog post about the flaw.

While Citrix has not shared indicators of compromise or any other information that could be used to determine if devices were exploited, they did share that devices must be configured in one of the following configurations to be vulnerable:

  • NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
  • NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
  • NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
  • CR virtual server with type HDX

In an advisory released today, Citrix shared configuration settings that can be checked to determine if your NetScaler device is using one of the above configurations.

BleepingComputer contacted Citrix and Cloud Software Group with questions about the exploitation of CVE-2025-7775 and will update our story if we receive a reply.

In addition to the RCE flaw, today’s update also addresses a memory overflow vulnerability that could lead to denial of service, tracked as CVE-2025-7776, and improper access control on the NetScaler Management Interface, tracked as CVE-2025-8424.

The flaws impact the following versions:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.48
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.22
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.241-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.330-FIPS and NDcPP

As there are no mitigations, Citrix “strongly recommends” admins install the latest updates as soon as possible.
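A small triage helper for the fixed-build list above, added here as an example and not taken from Citrix or the original article. It assumes an inventory of version strings in the `<release>-<build>` form the list uses, with an optional `-FIPS` or `-NDcPP` suffix; the hostnames and sample builds are constructed.

```python
import re

# First fixed build per branch, as listed in the article.
# Key: (release, is_fips_or_ndcpp) -> (build_major, build_minor)
FIXED = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Assumed inventory format: "<release>-<build>[-FIPS|-NDcPP]", e.g. "13.1-58.32".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)


def assess(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    release, major, minor, suffix = m.groups()
    fixed = FIXED.get((release, suffix is not None))
    if fixed is None:
        # Branch not in the article's list: do not guess, send to manual review.
        return "unknown"
    # Compare build numbers as integers: 59.9 is older than 59.22.
    return "patched" if (int(major), int(minor)) >= fixed else "vulnerable"


def needs_action(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {h: s for h, s in results.items() if s != "patched"}


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = {
    "gw-edge-01": "14.1-47.48",
    "gw-edge-02": "13.1-59.9",
    "adc-fips-01": "13.1-37.241-FIPS",
    "adc-fips-02": "12.1-55.329-NDcPP",
    "adc-old-01": "12.1-65.25",
}

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are on a branch the list does not cover or have an unparseable version string, so they need a manual check against the vendor advisory.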

Citrix says the flaws were disclosed by Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor and François Hämmerli. However, it is unclear who discovered which bug.

In June, Citrix disclosed an out-of-bounds memory read vulnerability tracked as CVE-2025-5777 and dubbed “Citrix Bleed 2,” which allows attackers to access sensitive information stored in memory.

This flaw was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were released in July, despite Citrix stating that there was no evidence of attacks at the time.

