
Citrix today fixed three flaws in NetScaler ADC and NetScaler Gateway, including an important remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.
The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices.
In an advisory released today, Citrix states that this flaw was exploited in attacks on unpatched devices.
"As of August 26, 2025, Cloud Software Group has reason to believe that exploits of CVE-2025-7775 have been seen on unmitigated devices, and strongly recommends that customers upgrade their NetScaler firmware to the fixed versions, as there are no mitigations available to protect against potential exploitation," reads a blog post about the flaw.
While Citrix has not shared indicators of compromise or any other information that can be used to determine whether devices were exploited, it did share that a device must be configured in one of the following ways to be vulnerable:
- NetScaler must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
- CR virtual server with type HDX
In the advisory published today, Citrix shared configuration settings that can be checked to determine whether your NetScaler device is using one of the above configurations.
BleepingComputer contacted Citrix and Cloud Software Group with questions about the exploitation of CVE-2025-7775 and will update our story if we receive a response.
Apart from the RCE flaw, today's updates also address a memory overflow vulnerability that can lead to denial of service, tracked as CVE-2025-7776, and an improper access control flaw on NetScaler management interfaces, tracked as CVE-2025-8424.
The flaws affect the following versions:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP
Since there are no mitigations, Citrix "strongly recommends" that admins install the latest updates as soon as possible.
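As an added example (not from Citrix or the original article), the following Python script triages an appliance inventory against the fixed builds listed above. The build-string notation, hostnames and sample builds are assumptions constructed for illustration; branches the article does not list are flagged for manual review rather than guessed.

```python
import re

# Fixed builds as listed in the article, keyed by (release branch, FIPS/NDcPP?).
FIXED = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Assumed input notation, mirroring the article: "13.1-59.22" or "13.1-37.241-FIPS".
BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)


def triage(build):
    """Return 'patched', 'vulnerable', or 'unlisted' for one build string."""
    m = BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {build!r}")
    branch, major, minor = m.group(1), int(m.group(2)), int(m.group(3))
    fixed = FIXED.get((branch, bool(m.group(4))))
    if fixed is None:
        # Branch not in the article's list: do not guess, flag for manual review.
        return "unlisted"
    return "patched" if (major, minor) >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Map {hostname: build} to {hostname: status}, worst findings first."""
    order = {"vulnerable": 0, "unlisted": 1, "patched": 2}
    results = {host: triage(build) for host, build in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE = {
    "gw-edge-01": "14.1-47.46",
    "gw-edge-02": "14.1-47.48",
    "adc-dc-01": "13.1-59.19",
    "adc-fips-01": "13.1-37.241-FIPS",
    "adc-old-01": "13.0-92.31",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:18} {status}")
```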
Citrix states that the flaws were disclosed by Jimmy Sebrey of the horizon. However, it is not clear who discovered which bug.
In June, Citrix disclosed an out-of-bounds memory read vulnerability tracked as CVE-2025-5777 and dubbed "Citrix Bleed 2", which allows attackers to access sensitive information stored in memory.
In July, that flaw was actively exploited about two weeks before proof-of-concept (PoC) exploits were released, yet there was no evidence of attacks at that time.


