Critical Vulnerability CVE-2025-7775 in Citrix NetScaler exploited, allowing remote code execution and dropping of web shells.
Citrix has released a critical patch for a memory overflow vulnerability (CVE-2025-7775) in its NetScaler ADC and Gateway products. This vulnerability, which has been actively exploited in the wild, could allow Remote Code Execution (RCE) and/or Denial of Service (DoS) by remote threat actors.
The affected NetScaler appliances include those configured as Gateway or AAA virtual servers, certain Load Balancing virtual servers, and CR virtual servers of type HDX. Customer-managed NetScaler ADC, NetScaler Gateway, and Secure Private Access on-premises or hybrid deployments are all impacted by these vulnerabilities.
Citrix released the critical security patch on August 26, 2025. Notably, the fixed versions for NetScaler ADC are 14.1-47.48 and later releases, while for NetScaler Gateway, they are 14.1-47.48 and later releases of 13.1.
Citrix-managed cloud services and Adaptive Authentication are automatically updated with the required patches. For customer-managed deployments, however, it's crucial to follow organizational patching and testing guidelines to minimize potential operational impact.
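For customer-managed fleets, a version inventory can be triaged against the 14.1 fixed build named above. The following is an added example, not code from Citrix or Arctic Wolf; the two accepted version string forms, the hostnames and the sample builds are assumptions constructed for illustration, and branches other than 14.1 are reported as unknown because this page gives no usable fixed build for them.

```python
import re

# Fixed build for the 14.1 branch, as stated on this page. Other branches are
# deliberately absent: the page does not give a usable fixed build for them.
FIXED_BUILDS = {(14, 1): (47, 48)}

# Accepts "14.1-47.48" and the assumed CLI form "NS14.1: Build 47.48.nc".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)


def parse_version(text):
    """Return ((major, minor), (build, patch)), or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = (int(g) for g in m.groups())
    return (major, minor), (build, patch)


def classify(text):
    """Return 'fixed', 'needs-upgrade', 'unknown-branch' or 'unparsed'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    branch, build = parsed
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown-branch"  # consult the vendor bulletin for this branch
    # Integer tuples compare numerically, so 47.5 sorts below 47.48.
    return "fixed" if build >= fixed else "needs-upgrade"


def audit(inventory):
    """Map each hostname to the classification of its version string."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory: hostnames and builds are made up for illustration.
SAMPLE_INVENTORY = {
    "adc-edge-01": "NetScaler NS14.1: Build 47.48.nc",
    "adc-edge-02": "NetScaler NS14.1: Build 43.56.nc",
    "gw-dmz-01": "14.1-51.2",
    "gw-dmz-02": "13.1-58.32",
    "adc-lab-01": "version string missing",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "needs-upgrade" result reflects the build number only; whether an appliance is exposed also depends on the virtual server configurations listed earlier.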
The Arctic Wolf Threat Report provides valuable insights into the threat landscape and strategies for better defense. Arctic Wolf, a leading cybersecurity company, uses threat intelligence to harden attack surfaces and stop threats earlier and faster.
While a publicly available proof of concept (PoC) exploit for CVE-2025-7775 has not been identified yet, threat actors are likely to further target it, and PoCs are expected to be released soon. Public reports indicate that exploitation of this vulnerability can lead to dropped web shells.
Alongside CVE-2025-7775, fixes were also released for two lower-severity vulnerabilities, CVE-2025-7776 and CVE-2025-8424.
Given the potential severity of this vulnerability and its attractiveness to threat actors, Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of NetScaler ADC and Gateway as soon as possible.
This latest development serves as a reminder of the ongoing need for vigilance and proactive security measures in the face of evolving cyber threats. Citrix, in particular, has been a frequent target in the past, with one recent example being Citrix Bleed 2 (CVE-2025-5777). Organizations must stay informed and take appropriate steps to protect their systems.