Citrix on Tuesday rolled out patches for 3 vulnerabilities in its NetScaler ADC and Gateway, together with a critical-severity flaw exploited within the wild as a zero-day.
Tracked as CVE-2025-7775 (CVSS rating of 9.2), the exploited bug is described as a reminiscence overflow situation that may be triggered to trigger a denial-of-service (DoS) situation. The safety defect may also result in distant code execution (RCE).
In keeping with Citrix, the vulnerability impacts NetScaler situations configured as a gateway or as an AAA digital server, or configured with a CR digital server with kind HDX.
Particular NetScaler variations which are certain with IPv6 companies or service teams certain with IPv6 servers, or certain with DBS IPv6 companies or service teams certain with IPv6 DBS servers, are additionally affected.
“As of August 26, 2025 Cloud Software program Group has motive to imagine that exploits of CVE-2025-7775 on unmitigated home equipment have been noticed, and strongly recommends clients to improve their NetScaler firmware to the variations containing the repair as there are not any mitigations accessible to guard towards a possible exploit,” Citrix notes in an alert.
The tech large has not shared particulars on the noticed assaults, nor indicators of compromise (IOCs), however the US cybersecurity company CISA added the CVE to its Identified Exploited Vulnerabilities (KEV) catalog instantly, urging its fast patching.
As mandated by the Binding Operational Directive (BOD) 22-01, federal companies usually have three weeks to use fixes for safety defects newly added to KEV, however they got solely two days (till August 28) to handle CVE-2025-7775.
Along with the zero-day, Citrix on Tuesday introduced patches for CVE-2025-7776 (CVSS rating of 8.8), a reminiscence overflow resulting in sudden habits and DoS, and CVE-2025-8424 (CVSS rating of 8.7), an improper entry management in NetScaler’s administration interface that might result in unauthorized entry to sure recordsdata.Commercial. Scroll to proceed studying.
The three points had been resolved in NetScaler ADC and NetScaler Gateway variations 14.1-47.48, 13.1-59.22, 13.1-FIPS and 13.1-NDcPP 13.1-37.241, and 12.1-FIPS and 12.1-NDcPP 12.1-55.330.
In its advisory, Citrix warns that NetScaler ADC and NetScaler Gateway variations 12.1 and 13.0 have been discontinued and are not supported, urging customers emigrate to a supported launch as quickly as potential.
Associated: Organizations Warned of Exploited Git Vulnerability
Associated: ICS Patch Tuesday: Main Distributors Deal with Code Execution Vulnerabilities
Associated: Contained in the Darkish Internet’s Entry Financial system: How Hackers Promote the Keys to Enterprise Networks
Associated: Enterprise Secrets and techniques Uncovered by CyberArk Conjur Vulnerabilities
