Particle.news

Citrix Rushes Patches for Three NetScaler Flaws as Zero-Day RCE Sees Active Exploitation

Urgent upgrades with no workarounds follow confirmation that CVE-2025-7775 is being used to implant webshell backdoors.

Overview

  • Citrix released fixes for CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424 affecting NetScaler ADC and Gateway, covering a pre-auth remote code execution bug, a second memory overflow, and a management interface access control weakness.
  • The vendor confirmed in-the-wild abuse of CVE-2025-7775 (CVSS 9.2), and researchers report that attackers are dropping webshells that can provide persistent access, so affected organizations will likely need incident response.
  • Citrix says there are no mitigations and customers must upgrade to supported fixed builds; users on end-of-life releases are advised to move to current versions rather than expect patches.
  • Affected versions include NetScaler 14.1 before 14.1-47.48 and 13.1 before 13.1-59.22, with specified FIPS/NDcPP builds also impacted, and Secure Private Access on‑prem and hybrid deployments require updates.
  • Citrix has not detailed how widespread the intrusions are, leaving the overall scale of compromise unknown.