Citrix is warning its customers about a critical zero-day vulnerability that affects multiple versions of Citrix NetScaler products and is currently being actively exploited. This vulnerability, identified as CVE-2025-7775, has a high CVSS rating of 9.2 and can lead to remote code execution or denial of service. Citrix has urged users to install necessary upgrades immediately.
In addition to CVE-2025-7775, Citrix disclosed two other vulnerabilities: CVE-2025-7776, another memory overflow issue affecting Citrix NetScaler ADC and NetScaler Gateway, and CVE-2025-8424, which impacts the management interface of these products. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog.
Ben Harris, CEO of watchTowr, emphasized the urgency of patching and of reviewing systems for signs of prior compromise, since attackers may already have deployed backdoors. Although severe, this vulnerability differs in impact from the NetScaler flaws disclosed earlier this year; all of them nonetheless pose significant risk.
Older versions of NetScaler ADC and Gateway, which are no longer supported, are also affected. These outdated versions are still widely used, posing a significant security risk. Scott Caveza from Tenable highlighted the high interest from attackers in exploiting Citrix vulnerabilities, describing these older versions as “ticking time bombs.”
Researchers have not yet detailed the full extent of the exploitation of this new zero-day, but there is concern that ransomware groups may soon take advantage of it. In a recent case, more than 11.5 million attack attempts were observed within a month of another vulnerability disclosure.
The ongoing targeting of critical software underscores the persistent threat from attackers, with some vulnerabilities being unavoidable due to the complexity of software. However, repeated trivial flaws leading to total system compromise are seen as unacceptable.