Three vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway were patched: CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. CVE-2025-7775 is a memory overflow that permits pre-authentication remote code execution or denial of service and has confirmed observed exploitation. CVE-2025-7776 is a separate memory overflow that causes unexpected behavior and denial of service. CVE-2025-8424 is an access control flaw in the NetScaler management interface. Citrix urges affected customers to install updates immediately and states that no effective workarounds exist. Security experts warn that patching alone may not remove deployed backdoors and recommend incident review for prior compromise.
Citrix has issued patches to fix three newly-designated common vulnerabilities and exposures (CVEs) in the widely used NetScaler Application Delivery Controller (ADC) and NetScaler Gateway lines. The trio of bugs, which are tracked as CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, are, respectively, a memory overflow vulnerability that leads either to pre-authentication remote code execution (RCE) or denial of service (DoS), or both; a separate memory overflow that causes unexpected behavior and DoS; and an access control flaw in the NetScaler management interface.
Per independent security analyst Kevin Beaumont, of the three flaws CVE-2025-7775 appears to be the most immediately dangerous issue. Citrix also confirmed talk of exploitation, noting in its advisory that: "Exploits of CVE-2025-7775 on unmitigated appliances have been observed". Commenting on the latest disclosure, Benjamin Harris, CEO and founder of watchTowr, said: "Well, well, well... another day ending in 'day.' Once again, we're seeing new vulnerabilities in Citrix NetScaler facilitating total compromise, with CVE-2025-7775 already being actively exploited to deploy backdoors."