
Citrix customers are once again being urged to patch NetScaler devices following the discovery of a critical zero-day vulnerability actively exploited by hackers.
The flaw, tracked as CVE-2025-7775, is a memory overflow vulnerability that allows potential remote code execution. With a CVSS score of 9.2/10, it poses a severe risk to organizations using NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices, which often serve as VPNs or proxies.
This latest flaw adds to a troubling history of Citrix vulnerabilities. Researchers have noted that attackers—particularly nation-state groups—move quickly to weaponize newly disclosed flaws. Earlier this year, another major issue, CVE-2025-5777, dubbed “Citrix Bleed 2,” was widely exploited by ransomware groups, echoing the original Citrix Bleed vulnerabilities of 2023.
While Citrix has released patches for currently supported versions, many organizations remain exposed. Cybersecurity firm Tenable found that nearly 20% of the NetScaler assets it identified run on unsupported versions (12.0 or 13.0), which Citrix warns must be upgraded immediately. These legacy systems are now considered “ticking time bombs” given attackers’ track record of exploiting Citrix flaws soon after disclosure.
Experts stress that patching alone may not be enough. Benjamin Harris, CEO of watchTowr, warned that attackers may already be inside some networks: “Applying the patch could just shut the door behind hackers who are already inside.” He urged NetScaler customers to actively hunt for indicators of compromise.
Caitlin Condon of VulnCheck added that while CVE-2025-7775 may be complex to exploit, it is precisely the type of vulnerability targeted by sophisticated, state-backed actors.
The vulnerabilities also affect on-premises and hybrid deployments of Citrix Secure Private Access, which tunnels access to internal apps without VPNs. Organizations relying on these solutions are strongly advised to apply updates and review security logs for anomalies.
Citrix has repeatedly been in the spotlight for critical NetScaler flaws. The frequency of zero-day exploitation, coupled with the persistence of unsupported deployments, has created an environment where attackers can consistently leverage these vulnerabilities. For enterprises, this reinforces the urgency of rapid patching, proactive monitoring, and migration from legacy systems to safeguard against compromise.