Citrix Patches Exploited NetScaler Zero-Day
securityweek
Citrix on Tuesday rolled out patches for three vulnerabilities in its NetScaler ADC and Gateway, including a critical-severity flaw exploited in the wild as a zero-day.
Tracked as CVE-2025-7775 (CVSS score of 9.2), the exploited bug is described as a memory overflow issue that can be triggered to cause a denial-of-service (DoS) condition. The security defect can also lead to remote code execution (RCE).
According to Citrix, the vulnerability impacts NetScaler instances configured as a gateway or as an AAA virtual server, or configured with a CR virtual server with type HDX.
Specific NetScaler versions that are bound with IPv6 services or service groups bound with IPv6 servers, or bound with DBS IPv6 services or service groups bound with IPv6 DBS servers, are also affected.
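A configuration triage sketch for the affected roles listed above, as an added example that is not from Citrix or the original article: it scans an exported `ns.conf` for gateway, AAA and HDX-type CR virtual servers, and for services or service groups bound to IPv6 servers. The mapping of those roles to the `add vpn vserver`, `add authentication vserver` and `add cr vserver ... HDX` lines is this example's assumption, the sample config is constructed, and DBS (domain-based) IPv6 servers are not covered.

```python
import ipaddress

# Constructed sample ns.conf excerpt (documentation addresses, made-up names).
SAMPLE_NS_CONF = """\
add server srv_v4 192.0.2.20
add server srv_v6 2001:db8::20
add service svc_direct6 2001:db8::21 HTTP 80
add serviceGroup sg_web HTTP
bind serviceGroup sg_web srv_v6 80
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add cr vserver cr_hdx HDX 203.0.113.12 443
add cr vserver cr_http HTTP 203.0.113.13 80
"""

def is_ipv6(token):
    try:
        return ipaddress.ip_address(token).version == 6
    except ValueError:
        return False

def exposure_findings(conf_text):
    """Map each affected-role category to the config object names that match it."""
    # Assumption: object names contain no spaces, so whitespace splitting is enough.
    rows = [ln.split() for ln in conf_text.splitlines()]
    rows = [t for t in rows if len(t) >= 4]
    # Pass 1: named server objects whose address is an IPv6 literal.
    v6_servers = {t[2] for t in rows
                  if t[0].lower() == "add" and t[1].lower() == "server" and is_ipv6(t[3])}
    findings = {}
    for t in rows:
        verb, kind, sub = (x.lower() for x in t[:3])
        to_v6 = is_ipv6(t[3]) or t[3] in v6_servers
        if (verb, kind, sub) == ("add", "vpn", "vserver"):
            hit = ("gateway", t[3])
        elif (verb, kind, sub) == ("add", "authentication", "vserver"):
            hit = ("aaa", t[3])
        elif (verb, kind, sub) == ("add", "cr", "vserver") and len(t) > 4 and t[4].upper() == "HDX":
            hit = ("cr_hdx", t[3])
        elif (verb, kind) == ("add", "service") and to_v6:
            hit = ("ipv6_service", t[2])
        elif (verb, kind) == ("bind", "servicegroup") and to_v6:
            hit = ("ipv6_servicegroup", t[2])
        else:
            continue
        findings.setdefault(hit[0], []).append(hit[1])
    return findings

if __name__ == "__main__":
    for category, names in exposure_findings(SAMPLE_NS_CONF).items():
        print(f"{category}: {', '.join(names)}")
```

An empty result only means none of these patterns appear in the file; it says nothing about the running firmware version, which has to be checked against the vendor bulletin.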
“As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly ...