CISA Issues Alert on Citrix NetScaler 0-Day RCE Exploited in the Wild


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after detecting active exploitation of a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices.

Designated CVE-2025-7775, the flaw stems from a memory overflow in NetScaler’s traffic management subsystem and was recently added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

Evidence indicates that sophisticated threat actors are leveraging this vulnerability in targeted intrusions against both public-sector and private-sector enterprises.

Binding Operational Directive (BOD) 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities,” requires all Federal Civilian Executive Branch (FCEB) agencies to remediate any vulnerability listed in the KEV Catalog by the specified deadline.

Although this directive legally binds only FCEB agencies, CISA strongly urges every organization—regardless of sector—to prioritize patching CVE-2025-7775 and other KEV Catalog entries to minimize the risk of breach, data loss, or lateral movement by malicious actors ...


Copyright of this story solely belongs to gbhackers.