
Citrix Patches Exploited NetScaler Zero-Day

Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies.


Citrix on Tuesday rolled out patches for three vulnerabilities in its NetScaler ADC and Gateway, including a critical-severity flaw exploited in the wild as a zero-day.

Tracked as CVE-2025-7775 (CVSS score of 9.2), the exploited bug is described as a memory overflow issue that can be triggered to cause a denial-of-service (DoS) condition. The security defect can also lead to remote code execution (RCE).

According to Citrix, the vulnerability impacts NetScaler instances configured as a gateway or as an AAA virtual server, or configured with a CR virtual server with type HDX.

On specific NetScaler versions, instances that are bound with IPv6 services or with service groups bound to IPv6 servers, or with DBS IPv6 services or service groups bound to IPv6 DBS servers, are also affected.

“As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the fix as there are no mitigations available to protect against a potential exploit,” Citrix notes in an alert.

The tech giant has not shared details on the observed attacks, nor indicators of compromise (IOCs), but the US cybersecurity agency CISA immediately added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate patching.


As mandated by the Binding Operational Directive (BOD) 22-01, federal agencies typically have three weeks to apply fixes for security defects newly added to KEV, but they were given only two days (until August 28) to address CVE-2025-7775.

In addition to the zero-day, Citrix on Tuesday announced patches for CVE-2025-7776 (CVSS score of 8.8), a memory overflow leading to unexpected behavior and DoS, and CVE-2025-8424 (CVSS score of 8.7), an improper access control in NetScaler’s management interface that could lead to unauthorized access to certain files.

The three issues were resolved in NetScaler ADC and NetScaler Gateway versions 14.1-47.48, 13.1-59.22, 13.1-FIPS and 13.1-NDcPP 13.1-37.241, and 12.1-FIPS and 12.1-NDcPP 12.1-55.330.

In its advisory, Citrix warns that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 have been discontinued and are no longer supported, urging users to migrate to a supported release as soon as possible.
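The affected-configuration and fixed-build details above translate directly into a triage check an administrator can run against an appliance inventory. The following script is an added example written for this article, not Citrix tooling: it compares a reported firmware string against the fixed builds and discontinued branches named here, and scans an ns.conf dump for the configurations the advisory calls out (gateway vserver, AAA vserver, CR vserver of type HDX, IPv6-bound services). The ns.conf command shapes, the sample configuration and the version-string format are assumptions made for the example.

```python
"""Triage helper for CVE-2025-7775 exposure (added example, not Citrix code).

Assumptions (not taken from the article): NetScaler version strings look like
'14.1-47.48', and ns.conf uses 'add vpn vserver', 'add authentication vserver',
'add cr vserver <name> HDX' and 'add service <name> <address>' command forms.
"""
import re

# Fixed builds from the advisory, keyed by (branch, is_fips_or_ndcpp).
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Branches the advisory says are discontinued; no fix, migrate instead.
EOL_BRANCHES = {"12.1", "13.0"}

_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_version(version):
    """'14.1-47.48' -> ('14.1', (47, 48)); raises ValueError on other shapes."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def version_status(version, fips_or_ndcpp=False):
    """Return 'fixed', 'vulnerable', 'end-of-life' or 'unknown-branch'.

    The FIPS/NDcPP flag matters: 13.1-37.241 is the fixed FIPS build but is
    older than the 13.1-59.22 fix for the regular 13.1 line.
    """
    branch, build = parse_version(version)
    key = (branch, fips_or_ndcpp)
    if key in FIXED_BUILDS:
        return "fixed" if build >= FIXED_BUILDS[key] else "vulnerable"
    if branch in EOL_BRANCHES:
        return "end-of-life"
    return "unknown-branch"


def _is_ipv6_service(line):
    # Assumed form: 'add service <name> <address> <protocol> <port>'.
    m = re.match(r"add service\s+\S+\s+(\S+)", line, re.I)
    return bool(m) and ":" in m.group(1)


# Affected roles from the advisory, each with a predicate over one ns.conf line.
_AFFECTED_CHECKS = [
    ("gateway vserver", lambda l: re.match(r"add vpn vserver\s", l, re.I) is not None),
    ("AAA vserver", lambda l: re.match(r"add authentication vserver\s", l, re.I) is not None),
    ("CR vserver of type HDX", lambda l: re.match(r"add cr vserver\s+\S+\s+HDX\b", l, re.I) is not None),
    ("IPv6-bound service", _is_ipv6_service),
]


def affected_roles(ns_conf_lines):
    """Return the affected roles found in an ns.conf dump, in order of first hit."""
    found = []
    for raw in ns_conf_lines:
        line = raw.strip()
        for role, check in _AFFECTED_CHECKS:
            if role not in found and check(line):
                found.append(role)
    return found


def triage(version, ns_conf_lines, fips_or_ndcpp=False):
    """Combine build status and configuration into one recommended action."""
    status = version_status(version, fips_or_ndcpp)
    roles = affected_roles(ns_conf_lines)
    if status == "fixed":
        action = "patched build; no action for CVE-2025-7775"
    elif status == "end-of-life":
        action = "unsupported branch; migrate to a supported release"
    elif roles:
        action = "upgrade now; affected configuration and no mitigation available"
    else:
        action = "upgrade; build is unpatched even though no affected role was detected"
    return {"status": status, "roles": roles, "action": action}


# Constructed sample ns.conf excerpt for demonstration (not a real appliance).
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add vpn vserver gw_vip SSL 192.0.2.20 443
add authentication vserver aaa_vip SSL 192.0.2.21 443
add cr vserver cr_hdx HDX 192.0.2.22 443
add service svc_v6 2001:db8::10 HTTP 80
add lb vserver lb_web HTTP 192.0.2.30 80
""".splitlines()


if __name__ == "__main__":
    for ver, fips in (("14.1-43.50", False), ("13.1-37.241", True), ("13.0-92.1", False)):
        print(ver, "FIPS" if fips else "standard", triage(ver, SAMPLE_NS_CONF, fips))
```

Feed it the output of `show ns version` and the saved ns.conf from each appliance; the distinction between the regular and FIPS/NDcPP branches is the part that is easy to get wrong by hand, since the fixed FIPS build number is lower than the fix for the standard line.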


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
