Enterprises need to patch these Citrix flaws now
Organizations should move quickly to install patches, according to Citrix


Citrix has issued patches for three new vulnerabilities in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products, warning that at least one is under active exploitation.
The cloud computing company has warned that the flaws could allow attackers to carry out denial-of-service (DoS) attacks, access sensitive data, and potentially take control of affected systems.
CVE-2025-7775, with a CVSS score of 9.2, is a memory overflow vulnerability leading to remote code execution and/or denial of service.
CVE-2025-7776, meanwhile, has a CVSS score of 8.8 and is a memory overflow vulnerability that leads to unpredictable or erroneous behavior and DDoS.
Finally, CVE-2025-8424, with a CVSS score of 8.7, allows improper access control on the NetScaler Management Interface.
The list of affected versions includes:
- NetScaler ADC and NetScaler Gateway 14.1, before 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1, before 13.1-59.22
- NetScaler ADC 13.1-FIPS and NDcPP, before 13.1-37.241-FIPS
- NetScaler ADC 12.1-FIPS and NDcPP, before 12.1-55.330-FIPS
These unsupported and end-of-life versions are believed to account for as many as one-in-five NetScaler ADC and NetScaler Gateway installations.
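The version thresholds above are the practical test a defender needs: is a given appliance at or beyond the fixed build for its branch? The following is an added example, not code from the article or from Citrix, that encodes the four fixed builds listed above and compares a NetScaler version string against them. The NetScaler version format (`major.minor-build.subbuild`, with an optional `-FIPS` suffix) is taken from the listed versions; the `show version` output layout used by the helper at the end, and the sample line it parses, are assumptions constructed for the example. Branches not in the table (for instance 13.0 or non-FIPS 12.1) are reported as not covered rather than assumed safe, because the article does not list fixed builds for them.

```python
import re
from typing import Tuple

# Fixed builds as listed in the article's affected-versions list. The key is
# (branch, is_fips). Treat this table as data to verify against the Citrix
# advisory, not as an authoritative copy of it.
FIXED_BUILDS = {
    ("14.1", False): "14.1-47.48",
    ("13.1", False): "13.1-59.22",
    ("13.1", True): "13.1-37.241-FIPS",
    ("12.1", True): "12.1-55.330-FIPS",
}

# major.minor-build.subbuild with an optional -FIPS suffix, e.g. 13.1-37.241-FIPS
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)(-FIPS)?$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, int, int, int], bool]:
    """Split a NetScaler version string into comparable integers and a FIPS flag."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    numbers = tuple(int(x) for x in m.group(1, 2, 3, 4))
    return numbers, bool(m.group(5))


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one version string.

    Comparison is tuple-wise on (major, minor, build, subbuild), so 14.1-47.48
    compares greater than 14.1-47.46 even though the build number is equal.
    """
    numbers, fips = parse_version(version_text)
    branch = f"{numbers[0]}.{numbers[1]}"
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is None:
        # The article lists no fixed build for this branch/FIPS combination;
        # do not guess, send the reader to the advisory instead.
        return "unknown-branch"
    fixed_numbers, _ = parse_version(fixed)
    return "patched" if numbers >= fixed_numbers else "vulnerable"


# Assumed layout of a NetScaler CLI 'show version' line, e.g.
# "NetScaler NS14.1: Build 47.46.nc, Date: ..." (constructed for this example).
SHOW_VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+\.\d+)(?:\.nc)?", re.IGNORECASE)


def version_from_show_output(output: str, fips: bool = False) -> str:
    """Turn an assumed 'show version' line into the advisory's version notation."""
    m = SHOW_VERSION_RE.search(output)
    if not m:
        raise ValueError("no NetScaler build information found in output")
    return f"{m.group(1)}-{m.group(2)}{'-FIPS' if fips else ''}"


if __name__ == "__main__":
    # Constructed sample inputs, one per outcome.
    for v in ["14.1-47.46", "14.1-47.48", "13.1-37.235-FIPS", "13.0-92.21"]:
        print(f"{v:20} -> {assess(v)}")
    sample = "NetScaler NS14.1: Build 47.46.nc, Date: Jan 1 2025, 00:00:00"
    print(version_from_show_output(sample), "->", assess(version_from_show_output(sample)))
```

The FIPS flag matters because the FIPS and NDcPP builds of 13.1 and 12.1 run on a separate build line with their own fixed versions; comparing a FIPS appliance against the non-FIPS 13.1 threshold would give the wrong answer in both directions.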
"These flaws come as an unwelcome addition to the growing list documented in Citrix's NetScaler ADC and NetScaler Gateway products," said Conor Agnew, head of compliance at Closed Door Security.
"The most dangerous of these newly discovered flaws has received a critical rating, and allows a hacker to take control of or even crash a system remotely, making use of a memory overflow to wreck systems. Threat actors do not even need user credentials to carry out the attack."
Citrix flaws under active exploitation
Over the last few weeks, CVE-2025-7775 has already been targeted in zero-day attacks to deploy backdoors, Citrix said.
Caitlin Condon, VP of security research at VulnCheck, said that memory corruption vulnerabilities like CVE-2025-7775 and CVE-2025-7776 can be tricky to exploit, and tend to be used by state-sponsored or other skilled adversaries in targeted attacks, rather than more broadly leveraged by commodity attackers.
"While the Citrix advisory only explicitly mentions active exploitation of CVE-2025-7775, management interfaces for firewalls and security gateways have been targeted en masse in recent threat campaigns," she warned.
"It's likely that exploit chains targeting these vulnerabilities in the future may try to combine an initial access flaw like CVE-2025-7775 with a flaw like CVE-2025-8424 with management interface compromise as a goal."
Customers are advised to install the updated versions of NetScaler ADC and NetScaler Gateway as soon as possible.
"Companies and governments need to be vigilant, and ensure they're keeping all software up to date, and moving off of outdated and unsupported systems," said Agnew.
"Companies should reach out to their vendors while the security flaws are being reviewed by Citrix, to seek guidance and consult on best practices moving forward, especially in the event that companies are still on unsupported platforms."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.