Ethical Hacking News
Citrix has patched critical NetScaler flaws amid widespread exploitation. The vulnerabilities were discovered by researchers who credited Citrix for their role in identifying the issues. Organizations relying on NetScaler ADC and Gateway systems must patch their software immediately.
Citrix has released patches for three critical vulnerabilities in their NetScaler ADC and Gateway products, including one that has been actively exploited in the wild. The vulnerabilities are CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424 with CVSS scores of 9.2, 8.8, and 8.7 respectively. CVE-2025-7775 is a memory overflow vulnerability that can lead to remote code execution and denial-of-service attacks. CVE-2025-7776 is also a memory overflow vulnerability that can lead to unpredictable or erroneous behavior and denial-of-service attacks. CVE-2025-8424 is an improper access control vulnerability that can allow attackers to gain unauthorized access to sensitive systems and data. Patches are available in 14.1-47.48 and later releases of NetScaler ADC and Gateway, as well as in earlier versions of the software. Organizations must take immediate action to patch their systems and implement robust security controls to prevent further exploitation.
Citrix has recently released patches for three critical vulnerabilities in their popular ADC and Gateway products, including one that has been actively exploited in the wild. The vulnerabilities in question are listed as CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, with respective CVSS scores of 9.2, 8.8, and 8.7.
The first vulnerability, CVE-2025-7775, is a memory overflow vulnerability that can lead to remote code execution and/or denial-of-service attacks. This flaw was discovered by Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor, and François Hämmerli, who were credited by Citrix for their role in identifying the issue.
To exploit CVE-2025-7775, the victim's NetScaler ADC or Gateway must be configured as a specific type of virtual server, with certain services or service groups bound to it. The vulnerability can then be triggered by sending a malicious HTTP request to the affected system.
The second vulnerability, CVE-2025-7776, is also a memory overflow vulnerability that can lead to unpredictable or erroneous behavior and denial-of-service attacks. This flaw was also discovered by the same team of researchers who identified CVE-2025-7775.
To exploit CVE-2025-7776, the victim's NetScaler ADC or Gateway must be configured as a specific type of virtual server with a particular profile bounded to it. The vulnerability can then be triggered by sending a malicious HTTP request to the affected system.
The third vulnerability, CVE-2025-8424, is an improper access control vulnerability that can allow attackers to gain unauthorized access to sensitive systems and data. This flaw was discovered by Jimi Sebree of Horizon3.ai, Jonathan Hetzer of Schramm & Partnerfor, and François Hämmerli, who were credited by Citrix for their role in identifying the issue.
To exploit CVE-2025-8424, the attacker must gain access to a specific IP address or domain name that is used by the NetScaler ADC or Gateway. This can be done through various means, such as phishing attacks or exploiting other vulnerabilities.
Citrix has released patches for all three vulnerabilities in their 14.1-47.48 and later releases of NetScaler ADC and Gateway, as well as in earlier versions of the software, including 13.1-59.22 and later releases, 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases.
The patches for CVE-2025-7775 and CVE-2025-7776 were released in response to exploits being observed in the wild. The disclosure of these vulnerabilities has highlighted the importance of keeping NetScaler ADC and Gateway systems up-to-date with the latest security patches.
CVE-2025-7775 is the latest NetScaler ADC and Gateway vulnerability to be weaponized in real-world attacks, following CVE-2025-5777 (aka Citrix Bleed 2) and CVE-2025-6543. The disclosure of this vulnerability has also raised concerns about the security posture of organizations that rely on these systems.
In addition to releasing patches for these vulnerabilities, Citrix has also credited Jimi Sebree, Jonathan Hetzer, and François Hämmerli with their role in identifying the issues. Their work highlights the importance of responsible disclosure and the value of collaboration between researchers and vendors in identifying and addressing security vulnerabilities.
The incident serves as a reminder to organizations that rely on NetScaler ADC and Gateway systems to ensure that they are keeping their software up-to-date with the latest security patches, and to implement robust security controls to prevent exploitation of these vulnerabilities.
In conclusion, Citrix has released patches for three critical vulnerabilities in their popular ADC and Gateway products. These vulnerabilities have been actively exploited in the wild, and organizations that rely on these systems must take immediate action to patch their systems and implement robust security controls to prevent further exploitation.
Related Information:
https://www.ethicalhackingnews.com/articles/Citrix-Patches-Critical-NetScaler-Flaws-Amid-Widespread-Exploitation-ehn.shtml
https://thehackernews.com/2025/08/citrix-patches-three-netscaler-flaws.html
https://www.theregister.com/2025/08/26/citrix_patches_trio_of_netscaler/
https://www.msn.com/en-us/technology/cybersecurity/citrix-patches-trio-of-netscaler-bugs-after-attackers-beat-them-to-it/ar-AA1Lg7GU
https://nvd.nist.gov/vuln/detail/CVE-2025-7775
https://www.cvedetails.com/cve/CVE-2025-7775/
https://nvd.nist.gov/vuln/detail/CVE-2025-7776
https://www.cvedetails.com/cve/CVE-2025-7776/
https://nvd.nist.gov/vuln/detail/CVE-2025-8424
https://www.cvedetails.com/cve/CVE-2025-8424/
Published: Tue Aug 26 13:11:15 2025 by llama3.2 3B Q4_K_M
