Citrix has officially acknowledged severe vulnerabilities in its NetScaler Application Delivery Controller (ADC) and Gateway products, and these vulnerabilities are being actively exploited in real-world attacks. The most notable of them is CVE-2025-7775, rated critical with a CVSS score of 9.2. This memory corruption flaw, present in the affected releases, allows remote code execution (RCE) and denial-of-service (DoS) attacks. Citrix has admitted that exploits targeting unmitigated appliances have been seen in the wild, which prompted the company to take urgently needed action.
In response to the threat posed by CVE-2025-7775, Citrix has released security updates that address this vulnerability alongside two others, CVE-2025-7776 and CVE-2025-8424. CVE-2025-7776 is a memory overflow vulnerability with a CVSS score of 8.8 that may result in unsafe behaviour or a complete denial of service. CVE-2025-8424 is an improper access control flaw in the NetScaler Management Interface with a CVSS score of 8.7.
Recent Vulnerabilities Exploited
CVE-2025-7775 is the most recent in a string of vulnerabilities to surface in Citrix products within a matter of weeks. It was discovered and reported by Jimi Sebree of Horizon3.ai, together with Jonathan Hetzer of Schramm & Partner and François Hämmerli. Their work has focused on raising awareness of the security vulnerabilities that have plagued Citrix’s infrastructure.
Citrix’s long-term commitment to security is on display as the company continues to address the risks posed by these vulnerabilities. Going forward, Citrix plans to publish a monthly security bulletin, CTX694938, outlining the fixes applied against CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424.
“Exploits of CVE-2025-7775 on unmitigated appliances have been observed.” – Citrix
CISA’s Involvement
It is worth noting that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also worked to reduce the security risks related to Citrix products. CISA recently added two more CVEs, CVE-2024-8068 and CVE-2024-8069, to its Known Exploited Vulnerabilities (KEV) catalog. These additions underscore that federal agencies have long fought to shrink the vulnerability footprint that threatens critical infrastructure.
CISA’s catalog is a critical resource for building awareness among organizations that use Citrix products. The addition of these vulnerabilities reminds all organizations to prioritize swift patching and to follow general cybersecurity best practices.
Continued Vigilance Required
Citrix’s recently disclosed vulnerabilities point to a dangerous trend. Other serious vulnerabilities, such as Citrix Bleed 2 (CVE-2025-5777) and CVE-2025-6543, have also seen active exploitation in real-world attacks against NetScaler ADC and Gateway. The disclosure of several vulnerabilities in quick succession is a reminder that Citrix product users must remain vigilant.