®onde-day Remote Code Execution (RCE) Vulnerability in Citrix Netscaler Has Been Fixed - Number of Affected Instances Decreased from 28,200 to 12,400
In the realm of cybersecurity, a critical zero-day Remote Code Execution (RCE) vulnerability has been discovered in Citrix NetScaler Application Delivery Controllers (ADCs). These devices manage, secure, and optimize network traffic in corporate networks, handling sensitive user data and providing secure remote access.
The vulnerability, tracked as CVE-2025-7775, has affected approximately 28,200 devices worldwide. Despite the vulnerability being made public and system administrators having applied patches since then, over 12,000 systems remain unpatched, providing a substantial attack surface for malicious actors.
The rapid response from administrators worldwide has been revealed by data from The Shadowserver Foundation, a non-profit dedicated to internet security. They have been providing updates on the patching efforts and the number of exposed systems.
Europe has been leading the remediation efforts, demonstrating a faster decline in vulnerable systems compared to North America. Particularly, the Netherlands, Germany, and the UK have shown the most aggressive efforts against the dangerous RCE vulnerability in Citrix NetScaler devices. The Dutch National Cyber Security Centre (NCSC) has been leading detailed investigations and response due to multiple critical infrastructure breaches.
In North America, particularly the US, there have been over 6,000 exploitation attempts detected since late July 2025, but the exact number of unprotected devices remaining is not precisely stated in the sources. However, worldwide, more than 3,300 NetScaler instances vulnerable to CVE-2025-5777 and over 4,100 vulnerable to CVE-2025-6543 remain exposed, many presumably in North America.
Asia, South America, Oceania, and Africa are patching the vulnerability but at a slower pace, leaving a larger percentage of their systems exposed. The work in addressing the Citrix NetScaler vulnerability is far from over, as the number of unpatched systems is still substantial.
Security experts are urging organizations using Citrix NetScaler products to identify and patch vulnerable instances within their networks immediately. The continued exposure of vulnerable systems poses a significant risk not only to the affected organizations but to the internet ecosystem as a whole.
The ongoing exposure of vulnerable systems underscores the ongoing challenge of global patch management in the cybersecurity landscape. The rapid initial response to the vulnerability highlights the importance of prompt action in addressing critical security issues. The number of vulnerable IP addresses connected to the internet has been cut by more than 56% due to the patching efforts. However, the ongoing efforts to patch the Citrix NetScaler vulnerability continue to be monitored by The Shadowserver Foundation.
%20Vulnerability%20in%20Citrix%20Netscaler%20Has%20Been%20Fixed%20-%20Number%20of%20Affected%20Instances%20Decreased%20from%2028%2C200%20to%2012%2C400){kind=link}