Over 28,000 Citrix NetScaler ADC and Gateway devices remain exposed to a critical remote code execution flaw (CVE-2025-7775) that is already under active exploitation. The vulnerability, reported as a zero-day by Citrix and CISA, impacts multiple supported versions, with no workarounds available other than upgrading to patched releases. Shadowserver scans revealed that most vulnerable instances are located in the U.S. (10,100), followed by Germany, the U.K., and several other countries. The flaw specifically affects NetScaler when used as Gateway/AAA virtual servers, LB virtual servers bound to IPv6, or CR virtual servers with HDX configuration.
Citrix has urged immediate upgrades to versions 14.1-47.48, 13.1-59.22, 13.1-37.241-FIPS/NDcPP, and 12.1-55.330-FIPS/NDcPP. Two additional high-severity bugs, CVE-2025-7776 and CVE-2025-8424, were also disclosed in the latest bulletin. Unsupported versions 12.1 and 13.0 remain vulnerable, requiring customers to move to supported builds. CISA has added CVE-2025-7775 to its Known Exploited Vulnerabilities list and ordered U.S. federal agencies to patch or discontinue affected products by August 28.
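The bulletin gives a fixed build per release branch and variant, and lists the deployment roles that are affected, so the practical question for a defender is "which of my appliances are below the fix, and which of those sit in an affected role?". The following Python helper is an added example (not Citrix's tooling or code from the article): it parses NetScaler version strings of the form shown above, compares them against the fixed builds named in the bulletin, treats the unsupported 12.1/13.0 non-FIPS/NDcPP branches as needing migration rather than a patch, and uses the role flags only to order remediation. The role names (`gateway_or_aaa`, `lb_ipv6`, `cr_hdx`) and the sample inventory are assumptions constructed for the example.

```python
"""Triage helper (added example, not from Citrix or the article): classify
NetScaler ADC/Gateway version strings against the fixed builds named in the
bulletin summarised above, and flag the affected deployment roles it lists."""
import re
from typing import Dict, Tuple

# Fixed builds from the bulletin, keyed by (release branch, build variant).
# Build numbers compare as (major, minor) tuples, e.g. 47.48 -> (47, 48).
FIXED_BUILDS: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("14.1", ""): (47, 48),
    ("13.1", ""): (59, 22),
    ("13.1", "FIPS"): (37, 241),
    ("13.1", "NDcPP"): (37, 241),
    ("12.1", "FIPS"): (55, 330),
    ("12.1", "NDcPP"): (55, 330),
}

# Branches the bulletin calls unsupported: non-FIPS/NDcPP builds here get no fix.
UNSUPPORTED_BRANCHES = {"12.1", "13.0"}

# Deployment roles the bulletin lists as affected (role names are assumed here;
# they are used only to prioritise work, never to skip an upgrade).
AFFECTED_ROLES = ("gateway_or_aaa", "lb_ipv6", "cr_hdx")

# Matches e.g. "14.1-47.48", "13.1-37.241-FIPS", "12.1-55.330-NDcPP".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")


def parse_version(version: str) -> Tuple[str, Tuple[int, int], str]:
    """Split a NetScaler version string into (branch, build tuple, variant)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    branch, build_major, build_minor, variant = m.groups()
    return branch, (int(build_major), int(build_minor)), variant or ""


def version_status(version: str) -> str:
    """Return 'patched', 'vulnerable', 'unsupported' or 'unknown'."""
    branch, build, variant = parse_version(version)
    fixed = FIXED_BUILDS.get((branch, variant))
    if fixed is not None:
        return "patched" if build >= fixed else "vulnerable"
    if branch in UNSUPPORTED_BRANCHES:
        return "unsupported"   # no fixed build exists; migrate to a supported branch
    return "unknown"           # branch/variant not covered by the bulletin summary


def triage(version: str, roles: Dict[str, bool]) -> Tuple[str, str]:
    """Combine version status with the affected roles into (status, priority).

    The only remediation is upgrading, so every non-patched build is actionable;
    the role flags just order the queue so exposed appliances go first.
    """
    status = version_status(version)
    if status == "patched":
        return status, "none"
    exposed = any(roles.get(r, False) for r in AFFECTED_ROLES)
    return status, "immediate" if exposed else "scheduled"


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and builds are made up for the demo).
    inventory = [
        ("ns-edge-01", "14.1-47.47", {"gateway_or_aaa": True}),
        ("ns-edge-02", "14.1-47.48", {"gateway_or_aaa": True}),
        ("ns-fips-01", "13.1-37.240-FIPS", {"lb_ipv6": True}),
        ("ns-legacy-01", "13.0-1.1", {"cr_hdx": False}),
    ]
    for host, ver, roles in inventory:
        status, priority = triage(ver, roles)
        print(f"{host:14} {ver:20} {status:12} {priority}")
```

Two points the comparison encodes that are easy to get wrong by eye: a 13.1 build numbered 37.241 is only fixed if it is the FIPS/NDcPP variant (the standard 13.1 branch needs 59.22), and a 12.1 build without a FIPS/NDcPP suffix is on an end-of-life branch, so no build number on it counts as patched.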
