The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Citrix vulnerabilities and one Git-related vulnerability to its Known Exploited Vulnerabilities (KEV) list. Some of these are being actively exploited in the wild, which highlights the ongoing threats involving Citrix products. Organizations using NetScaler ADC and Gateway are urged to update their systems to mitigate these high-severity security risks.
Key points
- CISA added two medium-severity Citrix vulnerabilities, CVE-2024-8069 and CVE-2024-8068, that were patched in November 2024.
- Citrix issued a warning about an actively exploited zero-day in NetScaler ADC and Gateway, particularly CVE-2025-7775.
- CVE-2025-7775 is a critical memory overflow flaw that leads to remote code execution and potential backdoors.
- Organizations are advised to update NetScaler systems to supported versions to protect against these vulnerabilities.
- Previous Citrix vulnerabilities, such as CVE-2025-5777, were exploited prior to public disclosure, emphasizing the need for timely patching.
Read More: https://thecyberexpress.com/cisa-citrix-vulnerabilities-exploited/