Particle.news

Citrix Patches Three NetScaler Flaws as Zero-Day Is Actively Exploited

CISA put CVE-2025-7775 on its KEV list with a two‑day federal fix deadline, intensifying pressure to patch and then run incident response for potential webshells.

Overview

  • Citrix released fixes for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 in NetScaler ADC and Gateway; CVE-2025-7775 enables pre‑auth remote code execution or DoS and has been confirmed exploited on unmitigated appliances.
  • Researchers including Kevin Beaumont report CVE-2025-7775 is being used to drop webshells and backdoors, prompting warnings that patching must be followed by compromise assessment and cleanup.
  • CISA added CVE-2025-7775 to the Known Exploited Vulnerabilities catalog and gave federal agencies until August 28 to remediate or stop using affected devices.
  • Citrix provided no workarounds and said only specific firmware branches are fixed, while end‑of‑life releases such as NetScaler 12.1 and 13.0 will not receive patches and require upgrades.
  • Shadowserver internet scans identified more than 28,200 exposed Citrix instances vulnerable to CVE-2025-7775, with the largest concentration in the United States.