Full Report
The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service. The post Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June appeared first on CyberScoop.
Analysis Summary
# Vulnerability: Critical Memory-Overflow Vulnerabilities in Citrix NetScaler (Multiple CVEs)
## CVE Details
- CVE ID: CVE-2025-7775, CVE-2025-7776, CVE-2025-8424
- CVSS Score: 9.2 (for CVE-2025-7775, initial rating) (High)
- CWE: Memory-overflow (Implied for CVE-2025-7775 and CVE-2025-7776)
## Affected Systems
- Products: Citrix NetScaler ADC and Citrix NetScaler Gateway
- Versions: Multiple versions, including older, end-of-life versions 12.1 and 13.0. (Specific patched versions are not provided in the text, but an upgrade to a newer, supported version is advised.)
- Configurations: Affects both ADC and Gateway components. CVE-2025-8424 specifically affects the management interface.
## Vulnerability Description
The primary vulnerability, **CVE-2025-7775**, is a critical memory-overflow vulnerability. Successful exploitation can lead to **Remote Code Execution (RCE)** or **Denial of Service (DoS)**. Two other related vulnerabilities were disclosed: **CVE-2025-7776**, another memory-overflow vulnerability affecting both NetScaler ADC and Gateway, and **CVE-2025-8424**, affecting the management interface.
## Exploitation
- Status: **Actively exploited in the wild** (Specifically stated for CVE-2025-7775). Attackers have been using this zero-day to deploy backdoors, leading to total compromise.
- Complexity: Implied to be low/medium, given the active exploitation and historical context with similar highly exploitable Citrix flaws.
- Attack Vector: Network (Implied, given RCE capability on gateway/ADC products).
## Impact
- Confidentiality: High (Due to potential RCE allowing attacker access)
- Integrity: High (Due to potential RCE allowing data modification/backdoor installation)
- Availability: High (Due to potential DoS)
## Remediation
### Patches
- Customers are urged to install upgrades released in the security bulletin (CTX694938). The specific patch versions are not detailed in this article, but the primary action required is to upgrade to a **newer, supported version** of NetScaler ADC/Gateway.
### Workarounds
- Organizations must **urgently review for signs of prior compromise and deployed backdoors**, as patching alone is insufficient if systems are already compromised.
## Detection
- Indicators of Compromise: Signs of prior compromise, specifically the presence of deployed backdoors.
- Detection Methods and Tools: Organizations must actively search for indicators of prior compromise, as a step separate from verifying that patches are installed. CISA has added one of the vulnerabilities (CVE-2025-7775) to its Known Exploited Vulnerabilities (KEV) catalog.
## References
- Vendor Advisories: [NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 (CTX694938)](https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424)
- Other Relevant CVEs Mentioned: CVE-2025-6543, CVE-2025-5777, CVE-2023-4966 (CitrixBleed)