Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Citrix Patches Trio of NetScaler Bugs

Citrix fixed three NetScaler flaws, including a critical zero-day with a CVSS score of 9.2 that has been exploited to deploy webshell backdoors in enterprise networks.

  • On August 26, 2025, Citrix released fixes for three NetScaler ADC and NetScaler Gateway flaws, including the actively exploited CVE-2025-7775, with patches immediately available.
  • CVE-2025-7775 is a memory overflow bug enabling unauthenticated remote code execution or denial of service, exploiting NetScaler ADC and NetScaler Gateway configured as Gateway or AAA virtual servers or specific IPv6-bound LB servers.
  • The fixes arrive with credited disclosures from Jimi Sebree, Jonathan Hetzer, and François Hämmerli, and Cloud Software Group warns no workarounds exist, urging upgrades to 14.1-47.48+, 13.1-59.22+, 13.1-37.241+, and 12.1-55.330+.
  • Because CISA moved CVE-2025-7775 into its KEV catalog, Federal Civilian Executive Branch agencies must remediate within 48 hours, as attackers deploy persistent webshells, urging emergency patching and response.
  • Given NetScaler's history of pre-patch exploitation, NetScaler ADC and NetScaler Gateway remain prime targets for ransomware crews and state-sponsored operators, and exploit code may become available soon.
Insights by Ground AI
Does this summary seem wrong?

14 Articles

Tech RadarTech Radar
Center

Citrix patches a trio of high-severity security bugs, so be on your guard

Citrix urges users to apply the patch without delay to stay protected.

·United Kingdom
Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

NetScaler warns hackers are exploiting zero-day vulnerability

The company is urging customers to patch their devices immediately, saying the flaw could lead to denial of service or remote code execution.

Read Full Article
CyberScoopCyberScoop
Center

Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June

Citrix and cybersecurity researchers warn a critical, zero-day vulnerability affecting multiple versions of Citrix NetScaler products is under active exploitation. Citrix issued a security bulletin about the vulnerability — CVE-2025-7775 — and urged customers on affected versions to install upgrades Tuesday. The memory-overflow vulnerability, which has an initial CVSS rating of 9.2, can be exploited to achieve remote-code execution or denial of …

Read Full Article
BleepingComputerBleepingComputer
Center

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.

Read Full Article
The RegisterThe Register
Center

Citrix patches trio of NetScaler bugs

: Criminals already abusing its latest zero-days

Read Full Article
WebProNewsWebProNews

Citrix Patches Critical Zero-Day in NetScaler ADC and Gateway

In the ever-evolving world of cybersecurity, where threats lurk in the shadows of enterprise networks, Citrix Systems Inc. has once again found itself at the center of a critical patching frenzy. The company recently released updates addressing three high-severity vulnerabilities in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products, with one flaw already exploited in the wild as a zero-day. This development under…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

Help Net Security broke the news in on Tuesday, August 26, 2025.
Sources are mostly out of (0)

Similar News Topics

CISA icon

CISA

News
For You
SearchBlindspotLocal