Particle.news

Citrix NetScaler Zero‑Day Triggers Emergency Patching as Thousands of Devices Remain Exposed

Security agencies imposed a rapid patch deadline following scans that still found thousands of exposed gateways.

Overview

  • Citrix released fixes for three NetScaler flaws and confirmed in‑the‑wild exploitation of CVE‑2025‑7775, a memory overflow bug enabling pre‑auth remote code execution or denial of service.
  • CISA added CVE‑2025‑7775 to its Known Exploited Vulnerabilities catalog and ordered U.S. federal agencies to remediate by August 28 or discontinue use.
  • Shadowserver counted more than 28,200 vulnerable instances soon after disclosure, dropping to about 13,000 a day later, with the largest concentrations in the United States and Germany.
  • Researchers report CVE‑2025‑7775 has been used to plant webshells and backdoors, prompting warnings that patching should be paired with incident response and compromise hunting.
  • Citrix says there are no workarounds or published IOCs and notes many affected appliances run end‑of‑life versions that require upgrades, alongside additional fixes for CVE‑2025‑7776 and CVE‑2025‑8424.