Cybersecurity experts are sounding the alarm after Citrix disclosed a new, critical zero-day vulnerability in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products, with evidence of active exploitation by attackers. The flaw, identified as CVE-2025-7775, is a memory overflow vulnerability that can allow an unauthenticated attacker to achieve remote code execution (RCE) or cause a denial-of-service (DoS) condition.
Citrix, a brand of Cloud Software Group, released security patches on August 26 to address the issue, along with two other high-severity vulnerabilities: CVE-2025-7776 (a separate memory overflow flaw) and CVE-2025-8424 (an improper access control issue on the management interface). The most severe of these, CVE-2025-7775, carries a critical CVSS score of 9.2, underscoring the urgent risk it poses to organizations.
According to the company and security researchers, the vulnerability affects a wide range of NetScaler versions, including those configured as VPN virtual servers, ICA proxies, or AAA virtual servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a deadline of August 28 to apply the necessary patches.
The rapid weaponization of this vulnerability is a cause for significant concern. Reports from security firms like VulnCheck and The Shadowserver Foundation indicate that thousands of NetScaler instances remain exposed and unpatched on the public internet. This leaves a vast attack surface for malicious actors, who have been observed deploying webshells to establish persistent backdoors into compromised networks.
This is the third actively exploited zero-day vulnerability in Citrix NetScaler products since June, following a troubling pattern of targeted attacks against these widely used enterprise devices. Experts warn that patching alone may not be sufficient, as attackers may have already gained a foothold. They strongly advise customers to not only apply the security updates immediately but also to conduct a thorough review of their systems for any signs of compromise.
Citrix customers running unsupported, end-of-life versions of NetScaler ADC and Gateway (versions 12.1 and 13.0) are at heightened risk and are urged to migrate to a supported and patched version as soon as possible. With no workarounds available to mitigate the vulnerabilities, prompt action is the only defense against potential remote code execution and data theft.
