Over 28,000 Citrix Servers at Risk from Active 0-Day RCE Exploit

A critical zero-day remote code execution (RCE) vulnerability is currently threatening the security of over 28,000 Citrix instances worldwide.

The flaw, designated as CVE-2025-7775, is being actively exploited by threat actors, prompting urgent security warnings from cybersecurity authorities and immediate action requirements from organizations running affected systems.

Widespread Vulnerability Exposure

The Shadowserver Foundation’s latest research reveals alarming statistics about the scope of this security crisis. As of August 26, 2025, more than 28,200 servers remain unpatched across the globe, creating a massive attack surface for cybercriminals.

The geographic distribution of vulnerable systems shows concerning concentrations, with the United States and Germany hosting the highest numbers of exposed servers.

This widespread exposure represents a significant cybersecurity emergency, as Citrix products are extensively deployed in enterprise environments for secure remote access and application delivery services.

The scale of potentially compromised infrastructure could impact thousands of organizations and ...