Citrix NetScaler Devices Yet Again Under Attack

Citrix Publishes Patches After Attackers Exploit Memory Overflow Vulnerability David Perera (@daveperera) • August 26, 2025

NetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day.

See Also: Post-Quantum Cryptography - A Fundamental Pillar in the Future of Cybersecurity [ES]

Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775 to potentially execute remote code. The vulnerability carries a CVSS score of 9.2 out of a possible 10.

"There's a bunch of new NetScaler vulns being exploited as zero-days. Patches just out now," wrote security researcher Kevin Beaumont early on Tuesday morning.

The zero-day is one of three flaws for which Citrix published patches affecting the NetScaler application delivery controller and NetScaler Gateway, which can function as a VPN virtual server or proxy. Patches are available for currently supported versions - but "analysis of ...