Enterprises need to patch these Citrix flaws now

"Citrix has issued patches for three new vulnerabilities in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products, warning that at least one is under active exploitation. The cloud computing company has said the flaws could allow attackers to carry out denial-of-service (DoS) attacks, access sensitive data, and potentially take control of affected systems. CVE-2025-7775 has a CVSS score of 9.2, and is a memory overflow vulnerability leading to remote code execution and/or denial of service."
"These flaws come as an unwelcome addition to the growing list documented in Citrix's NetScaler ADC and NetScaler Gateway products. The most dangerous of these newly discovered flaws has received a critical rating, and allows a hacker to take control of or even crash a system remotely, making use of a memory overflow to wreck systems. Threat actors do not even need user credentials to carry out the attack."
Citrix released patches for three vulnerabilities in NetScaler ADC and NetScaler Gateway, warning that at least one of them is under active exploitation. The flaws can enable denial of service, unauthorized data access, and potentially full system takeover. CVE-2025-7775 (CVSS 9.2) is a memory overflow that can lead to remote code execution or denial of service. CVE-2025-7776 (CVSS 8.8) is a memory overflow that causes unpredictable behavior and DDoS. CVE-2025-8424 (CVSS 8.7) is an improper access control flaw on the management interface. Several unsupported or end-of-life versions remain widely deployed, representing up to one in five installations, and CVE-2025-7775 has been observed in zero-day backdoor attacks.
Read at IT Pro