Citrix fixes critical NetScaler flaw, one actively exploited

Citrix has released security updates to fix three high-risk vulnerabilities in its NetScaler ADC and NetScaler Gateway products, including one that is already being actively exploited in the wild.

The vulnerabilities in question include:

  • CVE-2025-7775 and CVE-2025-7776: two memory overflow flaws that could lead to remote code execution or denial of service (DoS). The former, CVE-2025-7775, is confirmed to be actively exploited on unpatched systems.

  • CVE-2025-8424: an improper access control issue affecting the NetScaler Management Interface.

“Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” the vendor noted in its security advisory, without releasing further details about the nature of the exploitation.

Citrix has provided patches in the following versions:

  • NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases of 14.1

  • NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1

  • NetScaler ADC and NetScaler Gateway 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP

  • NetScaler ADC and NetScaler Gateway 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP

There are no workarounds, so users are strongly advised to upgrade immediately.
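Because the only remediation is to upgrade, the practical defender task is to check an appliance inventory against the fixed builds listed above. The following script is an added example written for this article, not code from Citrix or from the advisory: it encodes the fixed builds quoted in the text, parses NetScaler build strings of the form `MAJOR.MINOR-BUILD.SUBBUILD` (the format the article's version numbers use), and compares them numerically rather than as strings. The `branch` labels ("standard", "FIPS", "NDcPP") and the sample hostnames and build numbers are assumptions constructed for the example; a release/branch combination the advisory does not list is reported as needing manual review rather than silently treated as safe.

```python
import re
from typing import Optional, Tuple

# Fixed builds as listed in the Citrix advisory quoted in the article.
# "standard" is this example's own label for the non-FIPS/non-NDcPP builds
# (an assumption, not a Citrix term).
FIXED_BUILDS = {
    ("14.1", "standard"): "14.1-47.48",
    ("13.1", "standard"): "13.1-59.22",
    ("13.1", "FIPS"): "13.1-37.241",
    ("13.1", "NDcPP"): "13.1-37.241",
    ("12.1", "FIPS"): "12.1-55.330",
    ("12.1", "NDcPP"): "12.1-55.330",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version: str) -> Tuple[int, ...]:
    """Parse 'MAJOR.MINOR-BUILD.SUBBUILD' (e.g. '14.1-47.48') into a tuple of ints.

    Integer comparison matters: as plain strings, '13.1-9.5' sorts after
    '13.1-59.22' even though it is the older build.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    return tuple(int(g) for g in m.groups())


def release_of(version: str) -> str:
    """Return the 'MAJOR.MINOR' release a build belongs to, e.g. '13.1'."""
    major, minor, _, _ = parse_build(version)
    return f"{major}.{minor}"


def is_patched(version: str, branch: str = "standard") -> Optional[bool]:
    """True if the build is at or above the fixed build for its release/branch,
    False if it is older, None if the advisory lists no fix for that
    combination (treat None as 'needs manual review', not as safe).
    """
    fixed = FIXED_BUILDS.get((release_of(version), branch))
    if fixed is None:
        return None
    return parse_build(version) >= parse_build(fixed)


def triage(inventory):
    """Map [(hostname, version, branch)] to {hostname: status}."""
    labels = {True: "patched", False: "VULNERABLE", None: "no-fix-listed"}
    result = {}
    for host, version, branch in inventory:
        try:
            result[host] = labels[is_patched(version, branch)]
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and most builds are made up.
    sample = [
        ("ns-edge-01", "14.1-47.48", "standard"),
        ("ns-edge-02", "14.1-43.50", "standard"),
        ("ns-fips-01", "13.1-37.241", "FIPS"),
        ("ns-fips-02", "13.1-37.207", "NDcPP"),
        ("ns-legacy-01", "13.0-92.21", "standard"),
        ("ns-lab-01", "13.1-9.5", "standard"),
    ]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

The caller must supply the branch, because a bare build string such as `13.1-37.241` does not reveal whether the appliance runs a FIPS, NDcPP or standard image; feeding the wrong branch would compare against the wrong fixed build.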

This is the latest in a series of exploited flaws in NetScaler, following recent issues like CVE-2025-5777 (Citrix Bleed 2) and CVE-2025-6543.

Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) has also flagged two other Citrix vulnerabilities (CVE-2024-8068 and CVE-2024-8069) in its Known Exploited Vulnerabilities catalog.

CISA also warns of an unrelated, actively exploited vulnerability in Git (CVE-2025-48384), which involves improper handling of carriage return characters in configuration files and could allow arbitrary code execution.
