Citrix has patched three significant vulnerabilities in NetScaler ADC and Gateway, including the critical CVE-2025-7775, which was actively exploited as a zero-day. Customers are urged to update their firmware immediately to mitigate the risk of remote code execution and other exploits.
Key points
- Citrix released patches for three vulnerabilities affecting NetScaler ADC and Gateway.
- The critical flaw CVE-2025-7775 allows unauthenticated remote code execution via memory overflow.
- The flaw has been actively exploited in attacks prior to the patch release.
- Impact applies to specific configurations, such as Gateway virtual servers and IPv6-bound services.
- Earlier vulnerabilities include Citrix Bleed 2 (CVE-2025-5777), which exposed memory data to attackers.