Critical Zero-Day Vulnerability in Citrix NetScaler ADC and Gateway Exploited in the Wild

A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2025-7775, has been discovered in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway systems. The flaw is being actively exploited and affects over 28,000 instances worldwide, with the highest concentrations in the United States and Germany.

Understanding CVE-2025-7775

CVE-2025-7775 is a memory overflow vulnerability that allows unauthenticated attackers to execute arbitrary code on affected servers. This can lead to full system compromise, data theft, and further network infiltration. The vulnerability is particularly concerning due to its zero-day status, meaning it was exploited before an official patch was available.

Affected Systems and Configurations

The vulnerability impacts NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241, and 12.1-FIPS/NDcPP up to 12.1-55.330. Systems are vulnerable if configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Additionally, configurations involving load balancing (LB) virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services or service groups are affected.
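
The version and role criteria above can be checked across an inventory with a short script. The following is an added example, not Citrix tooling or code from the original article; the function names, the fips flag, the accepted version-string formats, the sample configuration, and the inclusive reading of "up to 12.1-55.330" are assumptions. It does not detect the LB-with-IPv6 case, which still needs a manual look at the service bindings.

```python
import re

# First fixed build per release, as listed in the article: (release, FIPS/NDcPP) -> build.
FIXED = {("14.1", False): (47, 48), ("13.1", False): (59, 22), ("13.1", True): (37, 241)}
# The article says 12.1-FIPS/NDcPP is affected "up to 12.1-55.330"; assumption: inclusive.
AFFECTED_UP_TO = {("12.1", True): (55, 330)}
# Accepts "NS14.1: Build 47.46.nc" (assumed `show version` style) or "14.1-47.46".
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?::\s*Build\s+|-)(\d+)\.(\d+)")
# ns.conf commands that define the Gateway (vpn) and AAA (authentication) virtual servers.
ROLE_RE = re.compile(r"^\s*add\s+(vpn|authentication)\s+vserver\b", re.I | re.M)

# Constructed sample config; names and addresses are made up (RFC 5737 range).
SAMPLE_CONF = """\
add lb vserver web_vs HTTP 203.0.113.20 80
add vpn vserver gw_vs SSL 203.0.113.10 443
add authentication vserver aaa_vs SSL 203.0.113.11 443
"""

def parse_version(text):
    """Return (release, (major_build, minor_build)) from a version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def is_affected_build(version_text, fips=False):
    """True/False per the article's ranges; None if the release is not listed there."""
    release, build = parse_version(version_text)
    key = (release, fips)
    if key in FIXED:
        return build < FIXED[key]
    if key in AFFECTED_UP_TO:
        return build <= AFFECTED_UP_TO[key]
    return None

def exposed_roles(ns_conf_text):
    """Which of the article's Gateway/AAA virtual server types are configured."""
    return sorted({m.group(1).lower() for m in ROLE_RE.finditer(ns_conf_text)})

def triage(version_text, ns_conf_text, fips=False):
    affected = is_affected_build(version_text, fips)
    if affected is None:
        return "release not listed: check vendor advisory"
    if not affected:
        return "fixed build"
    roles = exposed_roles(ns_conf_text)
    if roles:
        return "affected build, exposed roles: " + ",".join(roles)
    return "affected build: review LB vservers for IPv6 bindings"

if __name__ == "__main__":
    print(triage("NetScaler NS14.1: Build 47.46.nc", SAMPLE_CONF))
```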

Immediate Actions Required

Citrix has released patches to address this vulnerability and strongly urges administrators to apply them immediately. There are no available mitigations or workarounds; therefore, updating the firmware is the only effective measure to protect systems. Administrators should also review server logs for indicators of compromise, such as unusual processes or outbound network connections.

Broader Implications

The widespread use of Citrix products in enterprise environments means that this vulnerability poses a significant threat to business operations. A successful exploit could disrupt services, lead to financial losses, and damage reputations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775 to its Known Exploited Vulnerabilities catalog, emphasizing the urgency of addressing this issue.

Conclusion

Organizations using Citrix NetScaler ADC and Gateway should prioritize updating their systems to the latest firmware versions to mitigate the risk posed by CVE-2025-7775. Given the active exploitation and the critical nature of this vulnerability, immediate action is essential to safeguard systems and data.