Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Citrix Patches Exploited NetScaler Zero-Day

Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies.

Citrix vulnerabilities exploited

Citrix on Tuesday rolled out patches for three vulnerabilities in its NetScaler ADC and Gateway, including a critical-severity flaw exploited in the wild as a zero-day.

Tracked as CVE-2025-7775 (CVSS score of 9.2), the exploited bug is described as a memory overflow issue that can be triggered to cause a denial-of-service (DoS) condition. The security defect can also lead to remote code execution (RCE).

According to Citrix, the vulnerability impacts NetScaler instances configured as a gateway or as an AAA virtual server, or configured with a CR virtual server with type HDX.

Specific NetScaler versions that are bound with IPv6 services or service groups bound with IPv6 servers, or bound with DBS IPv6 services or service groups bound with IPv6 DBS servers, are also affected.

“As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the fix as there are no mitigations available to protect against a potential exploit,” Citrix notes in an alert.

The tech giant has not shared details on the observed attacks, nor indicators of compromise (IOCs), but the US cybersecurity agency CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog immediately, urging its immediate patching.

Advertisement. Scroll to continue reading.

As mandated by the Binding Operational Directive (BOD) 22-01, federal agencies typically have three weeks to apply fixes for security defects newly added to KEV, but they were given only two days (until August 28) to address CVE-2025-7775.

In addition to the zero-day, Citrix on Tuesday announced patches for CVE-2025-7776 (CVSS score of 8.8), a memory overflow leading to unexpected behavior and DoS, and CVE-2025-8424 (CVSS score of 8.7), an improper access control in NetScaler’s management interface that could lead to unauthorized access to certain files.

The three issues were resolved in NetScaler ADC and NetScaler Gateway versions 14.1-47.48, 13.1-59.22, 13.1-FIPS and 13.1-NDcPP 13.1-37.241, and 12.1-FIPS and 12.1-NDcPP 12.1-55.330.

In its advisory, Citrix warns that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 have been discontinued and are no longer supported, urging users to migrate to a supported release as soon as possible.

Related: Organizations Warned of Exploited Git Vulnerability

Related: ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities

Related: Inside the Dark Web’s Access Economy: How Hackers Sell the Keys to Enterprise Networks

Related: Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Jazz has named Sean Robinson, Rickie Goyal, Danielle Guetta, Shani Nago, and Lior Magram as VPs and Michael Calev as COO.

AJ Shipley has been appointed Chief Product Officer at CrowdStrike.

Brinqa has named Ron Dovich as Chief AI and Automation Officer, David Allen as CTO, Steve Biagioni as CFO, and James Walta as VP of Product.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.