- Citrix fixes three flaws in NetScaler ADC and NetScaler Gateway
- Among them is a critical flaw exploited as a zero-day that enabled RCE and DoS attacks
Citrix has fixed three bugs in its NetScaler ADC and NetScaler Gateway products, including a critical zero-day flaw that was apparently abused in the wild.
In a new advisory, the company said it patched several flaws, including a memory overflow vulnerability that could lead to remote code execution (RCE) or denial-of-service (DoS) attacks in NetScaler ADC and NetScaler Gateway (when NetScaler is configured as a Gateway or AAA virtual server).
The vulnerability is tracked as CVE-2025-7775 and has a severity score of 9.2/10 (critical).
Configuration error
Citrix has urged users to patch immediately, as hackers are already exploiting the flaw in real-life attacks.
“As of August 26, 2025, Cloud Software Group has reason to believe that exploitation of CVE-2025-7775 on unmitigated appliances has been observed, and strongly recommends customers to upgrade their NetScaler firmware to versions containing the fix as there are no mitigations available to protect against a potential exploit,” the company said.
Fortunately, the flaw is not very straightforward to exploit, as devices need to be configured in a certain way for it to work:
- NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or service groups bound with IPv6 servers
- NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or service groups bound with IPv6 DBS servers
- CR virtual server with type HDX
Citrix has released configuration settings that can be used to check whether a NetScaler device's configuration leaves it vulnerable to exploitation.
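As an added illustration (not Citrix's published check and not part of the original article), the sketch below scans an exported `ns.conf` for three of the preconditions listed above: a Gateway or AAA virtual server, an HTTP/SSL/HTTP_QUIC LB virtual server bound to a backend with a literal IPv6 server, and a CR virtual server of type HDX. It assumes standard NetScaler CLI syntax with unquoted names, does not cover the DBS case or the firmware version, and the function names, labels and sample configuration are constructed for this example.

```python
import ipaddress

# Constructed ns.conf excerpt for illustration (not from a real appliance).
SAMPLE_CONF = """\
add server srv_v4 192.0.2.10
add server srv_v6 2001:db8::10
add serviceGroup sg_web HTTP
bind serviceGroup sg_web srv_v6 80
add lb vserver lb_web HTTP 198.51.100.5 80
bind lb vserver lb_web sg_web
add vpn vserver gw_main SSL 198.51.100.6 443
"""

LB_TYPES = {"HTTP", "SSL", "HTTP_QUIC"}

def is_ipv6(text):
    try:
        return ipaddress.ip_address(text).version == 6
    except ValueError:
        return False

def check_preconditions(conf):
    """Return labels (hypothetical names) of the preconditions an ns.conf matches."""
    found, v6_servers, v6_backends, lb_vs, binds = set(), set(), set(), set(), []
    for line in conf.splitlines():
        t = line.split()
        if len(t) < 4:
            continue
        two, three = " ".join(t[:2]).lower(), " ".join(t[:3]).lower()
        arg = t[4] if len(t) > 4 else ""
        if three in ("add vpn vserver", "add authentication vserver"):
            found.add("gateway_or_aaa")
        elif three == "add cr vserver" and arg.upper() == "HDX":
            found.add("cr_hdx")
        elif three == "add lb vserver" and arg.upper() in LB_TYPES:
            lb_vs.add(t[3])                      # name of an in-scope LB vserver
        elif three == "bind lb vserver" and arg:
            binds.append((t[3], arg))            # (vserver, service or group)
        elif two in ("add service", "bind servicegroup") and (
                t[3] in v6_servers or is_ipv6(t[3])):
            v6_backends.add(t[2])                # backend reaches an IPv6 server
        elif two == "add server" and is_ipv6(t[3]):
            v6_servers.add(t[2])
    # Bindings are resolved after the pass so statement order does not matter here.
    if any(vs in lb_vs and be in v6_backends for vs, be in binds):
        found.add("lb_ipv6_backend")
    return found

if __name__ == "__main__":
    print(sorted(check_preconditions(SAMPLE_CONF)))
```

An empty result only means none of these three patterns matched; Citrix's own advisory and the installed firmware version remain the authority on whether an appliance is affected.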
The other two bugs patched are a memory overflow vulnerability tracked as CVE-2025-7776 and an improper access control bug in the NetScaler Management Interface, tracked as CVE-2025-8424.
Via BleepingComputer



