Citrix patches a trio of high-severity security bugs, so be on your guard


  • Citrix fixes three flaws in NetScaler ADC and NetScaler Gateway
  • Among them is a critical-severity flaw, exploited as a zero-day, that allows RCE and DoS attacks

Citrix has fixed three bugs in its NetScaler ADC and NetScaler Gateway instances, including a critical zero-day flaw which was apparently being abused in the wild.

In a new advisory, the company said it patched multiple flaws, including a memory overflow vulnerability that could lead to remote code execution (RCE) or Denial of Service (DoS) attacks in NetScaler ADC and NetScaler Gateway (when NetScaler is configured as Gateway or AAA virtual server).

The vulnerability is tracked as CVE-2025-7775 and has a severity score of 9.2/10 (critical).

Configuration flaws

Citrix has urged users to patch immediately, since attackers are already leveraging the bug in real-world attacks.

"As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the fix as there are no mitigations available to protect against a potential exploit," it said.

Fortunately, exploiting the bug is not particularly straightforward, as a device needs to be configured in one of the following ways for that to happen:

- NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server

- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers

- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers

- CR virtual server with type HDX

Citrix has also published configuration checks that administrators can run to determine whether a NetScaler device's configuration leaves it vulnerable to exploitation.
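The preconditions listed above can be screened for offline from a saved configuration export. The script below is an added example written for this article, not Citrix's own check: it walks an ns.conf-style text and flags the Gateway/AAA virtual servers, the HTTP/SSL/HTTP_QUIC load-balancing virtual servers whose bound services or service groups point at IPv6 backends, and any HDX cache-redirection virtual server. The sample configuration is constructed, and the command shapes it parses (`add lb vserver <name> <type> <ip> <port>`, `bind lb vserver <vserver> <service|servicegroup>`, and so on) are an assumption about the usual NetScaler CLI layout; the DBS (domain-based service) variant is not modelled, so a clean result here is a screening aid, not a substitute for Citrix's published checks or the firmware upgrade.

```python
"""Screen a NetScaler configuration export for the CVE-2025-7775 exposure
preconditions.  Added example, not Citrix's own tooling; the CLI shapes
parsed here are assumed from the usual ns.conf layout."""
from typing import Dict, List

# Constructed ns.conf excerpt for demonstration; not taken from a real appliance.
SAMPLE_NS_CONF = """\
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add lb vserver web_v4 HTTP 203.0.113.20 80
add lb vserver web_v6 SSL 203.0.113.21 443
add lb vserver api_sg HTTP_QUIC 203.0.113.23 443
add lb vserver db_lb TCP 203.0.113.22 1433
add server srv6 2001:db8::20
add service svc_v4 192.0.2.10 HTTP 80
add service svc_v6 2001:db8::10 HTTP 80
add service svc_tcp 192.0.2.11 TCP 1433
add serviceGroup sg_api HTTP
bind serviceGroup sg_api srv6 443
bind lb vserver web_v4 svc_v4
bind lb vserver web_v6 svc_v6
bind lb vserver api_sg sg_api
bind lb vserver db_lb svc_tcp
bind lb vserver web_v4 -policyName rsp_pol -priority 100
add cr vserver hdx_cr HDX 203.0.113.30 443
"""

# LB virtual server types named in the advisory's precondition.
VULN_LB_TYPES = {"HTTP", "SSL", "HTTP_QUIC"}


def is_ipv6(addr: str) -> bool:
    """Sufficient for config text: IPv6 literals contain ':' and IPv4 ones do not."""
    return ":" in addr


def assess(conf: str) -> Dict[str, List[str]]:
    """Return the object names matching each precondition (all lists empty = clean)."""
    findings: Dict[str, List[str]] = {
        "gateway_or_aaa_vserver": [],
        "lb_vserver_with_ipv6_backend": [],
        "cr_vserver_hdx": [],
    }
    servers: Dict[str, str] = {}           # server name -> IP
    services: Dict[str, str] = {}          # service name -> IP
    sg_members: Dict[str, List[str]] = {}  # serviceGroup name -> member IPs
    lb_types: Dict[str, str] = {}          # lb vserver name -> type

    for raw in conf.splitlines():
        p = raw.split()
        if len(p) < 4:
            continue
        head = " ".join(p[:3])
        if head in ("add vpn vserver", "add authentication vserver"):
            findings["gateway_or_aaa_vserver"].append(p[3])
        elif head == "add lb vserver" and len(p) >= 5:
            lb_types[p[3]] = p[4]
        elif p[:2] == ["add", "server"]:
            servers[p[2]] = p[3]
        elif p[:2] == ["add", "service"] and len(p) >= 5:
            services[p[2]] = p[3]
        elif p[:2] == ["add", "serviceGroup"]:
            sg_members.setdefault(p[2], [])
        elif p[:2] == ["bind", "serviceGroup"]:
            # A member may be a named server or an IP literal.
            sg_members.setdefault(p[2], []).append(servers.get(p[3], p[3]))
        elif head == "bind lb vserver" and len(p) >= 5 and not p[4].startswith("-"):
            # Policy bindings ("-policyName ...") are not backend bindings; skip them.
            vs, target = p[3], p[4]
            backend_ips = [services[target]] if target in services else sg_members.get(target, [])
            if lb_types.get(vs) in VULN_LB_TYPES and any(is_ipv6(ip) for ip in backend_ips):
                findings["lb_vserver_with_ipv6_backend"].append(vs)
        elif head == "add cr vserver" and len(p) >= 5 and p[4] == "HDX":
            findings["cr_vserver_hdx"].append(p[3])
    return findings


def is_exposed(conf: str) -> bool:
    """True if any precondition matches; upgrade is the only remediation the advisory offers."""
    return any(assess(conf).values())


if __name__ == "__main__":
    for key, objs in assess(SAMPLE_NS_CONF).items():
        print(f"{key}: {objs or 'none'}")
    print("exposed:", is_exposed(SAMPLE_NS_CONF))
```

Run against a real export with `python screen.py < ns.conf` after swapping the constant for `sys.stdin.read()`; the point of resolving service groups through `add server` is that an IPv6 backend hidden behind a named server still counts, which a plain grep for `::` on the `bind lb vserver` lines would miss.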

The other two bugs patched are a memory overflow vulnerability tracked as CVE-2025-7776, and an improper access control bug in the NetScaler Management Interface tracked as CVE-2025-8424.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
