- Citrix fixes three flaws in NetScaler ADC and NetScaler Gateway
- Among them is a critical-severity bug that was used as a zero-day and allows RCE and DoS attacks
Citrix has patched three bugs in its NetScaler ADC and NetScaler Gateway instances, including a critical zero-day flaw that was apparently abused in the wild.
In a new advisory, the company said it has fixed several flaws, including a memory overflow vulnerability that could lead to remote code execution (RCE) or denial of service (DoS) in NetScaler ADC and NetScaler Gateway (when NetScaler is configured as a Gateway or AAA virtual server).
The vulnerability is tracked as CVE-2025-7775 and carries a severity score of 9.2/10 (critical).
Configuration requirements
Citrix urged users to patch immediately because attackers are already exploiting the bug in real-world attacks.
“As of August 26, 2025, Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends that customers upgrade their NetScaler firmware to the versions containing the fix, because there are no mitigations available to protect against a potential exploit,” it said.
Fortunately, exploiting the bug is not particularly simple, because the appliances must be configured in a specific way for it to happen:
– NetScaler must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
– NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type HTTP, SSL or HTTP_QUIC bound to IPv6 services or service groups bound with IPv6 servers
– NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type HTTP, SSL or HTTP_QUIC bound to DBS IPv6 services or services bound with DBS IPv6 servers
Citrix has published configuration checks that show whether a NetScaler appliance's configuration leaves it exposed to exploitation.
The other two patched bugs are a memory overflow vulnerability tracked as CVE-2025-7776 and an improper access control bug in the NetScaler Management Interface tracked as CVE-2025-8424.
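As an added, hypothetical example (not Citrix's published check, and not code from the original article), the following Python script parses a constructed list of NetScaler ns.conf-style commands and reports which of the configuration conditions listed above appear to be present: a Gateway (VPN) or AAA virtual server, or an LB virtual server of type HTTP, SSL or HTTP_QUIC whose bound services or service groups point at IPv6 servers. The command syntax handling, the object names and the addresses are assumptions; the script does not resolve domain-based (DBS) services and is only a first-pass inventory aid, not a substitute for the vendor's own checks or for upgrading.

```python
"""Hypothetical NetScaler configuration exposure inventory for CVE-2025-7775.

Added example, not Citrix's official check. Parses ns.conf-style commands and
flags the two configuration conditions named in the advisory summary.
"""
import ipaddress
import shlex
from dataclasses import dataclass, field

# Constructed sample config (hypothetical names and documentation-range addresses).
SAMPLE_NS_CONF = """\
add server be_v6 2001:db8::70
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
add lb vserver web_v6 HTTP 2001:db8::10 80
add lb vserver web_v4 SSL 203.0.113.12 443
add lb vserver mail_v6 TCP 2001:db8::11 25
add lb vserver web_quiet HTTP 203.0.113.13 80
add service svc_v6 2001:db8::50 HTTP 80
add service svc_v4 198.51.100.50 HTTP 80
add service svc_tcp6 2001:db8::51 TCP 25
add serviceGroup sg_v6 HTTP
bind serviceGroup sg_v6 be_v6 80
bind lb vserver web_v6 svc_v6
bind lb vserver web_v4 sg_v6
bind lb vserver mail_v6 svc_tcp6
bind lb vserver web_quiet svc_v4
bind lb vserver web_quiet -policyName pol_rewrite -priority 100
"""

# LB virtual server types named in the advisory conditions.
AFFECTED_LB_TYPES = {"HTTP", "SSL", "HTTP_QUIC"}


@dataclass
class NsConfig:
    servers: dict = field(default_factory=dict)          # server name -> address
    gateway_vservers: list = field(default_factory=list)  # 'add vpn vserver' names
    aaa_vservers: list = field(default_factory=list)      # 'add authentication vserver'
    lb_types: dict = field(default_factory=dict)          # lb vserver -> service type
    lb_bindings: dict = field(default_factory=dict)       # lb vserver -> bound names
    ipv6_backends: set = field(default_factory=set)       # services/groups with IPv6 server


def _is_ipv6(token, servers):
    """True if token is an IPv6 literal or a named server with an IPv6 address.
    DNS-based (DBS) servers are not resolved here (assumption: literal addresses)."""
    addr = servers.get(token, token)
    try:
        return ipaddress.ip_address(addr).version == 6
    except ValueError:
        return False


def parse_ns_conf(text):
    """Extract the objects needed for the exposure check from ns.conf-style lines."""
    cfg = NsConfig()
    for line in text.splitlines():
        t = shlex.split(line)
        if len(t) < 4:
            continue
        cmd, obj = t[0], t[1]
        if cmd == "add" and obj == "server":
            cfg.servers[t[2]] = t[3]
        elif cmd == "add" and obj == "vpn" and t[2] == "vserver":
            cfg.gateway_vservers.append(t[3])
        elif cmd == "add" and obj == "authentication" and t[2] == "vserver":
            cfg.aaa_vservers.append(t[3])
        elif cmd == "add" and obj == "lb" and t[2] == "vserver" and len(t) >= 5:
            cfg.lb_types[t[3]] = t[4].upper()
        elif cmd == "add" and obj == "service" and len(t) >= 5:
            if _is_ipv6(t[3], cfg.servers):
                cfg.ipv6_backends.add(t[2])
        elif cmd == "bind" and obj == "serviceGroup":
            if _is_ipv6(t[3], cfg.servers):
                cfg.ipv6_backends.add(t[2])
        elif cmd == "bind" and obj == "lb" and t[2] == "vserver" and len(t) >= 5:
            if not t[4].startswith("-"):  # skip policy bindings such as -policyName
                cfg.lb_bindings.setdefault(t[3], []).append(t[4])
    return cfg


def assess(text):
    """Return the objects matching each advisory condition."""
    cfg = parse_ns_conf(text)
    lb_hits = sorted(
        name for name, typ in cfg.lb_types.items()
        if typ in AFFECTED_LB_TYPES
        and any(b in cfg.ipv6_backends for b in cfg.lb_bindings.get(name, []))
    )
    return {
        "gateway_or_aaa": sorted(cfg.gateway_vservers + cfg.aaa_vservers),
        "lb_http_ipv6_backend": lb_hits,
    }


def meets_advisory_conditions(text):
    """True if at least one of the listed configuration conditions is present."""
    r = assess(text)
    return bool(r["gateway_or_aaa"] or r["lb_http_ipv6_backend"])


if __name__ == "__main__":
    for key, names in assess(SAMPLE_NS_CONF).items():
        print(f"{key}: {', '.join(names) or 'none'}")
    print("matches advisory conditions:", meets_advisory_conditions(SAMPLE_NS_CONF))
```

Note that `web_v4` is flagged even though its own VIP is IPv4: the condition concerns the address family of the bound backend (here a service group member with an IPv6 address), not of the virtual server itself. A TCP virtual server with IPv6 backends (`mail_v6`) is not flagged because TCP is not among the listed types.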
Via BleepingComputer