

Ethical Hacking News

Critically Vulnerable Citrix Devices Expose Over 28,000 Instances to Exploited RCE Flaw


Over 28,000 instances of vulnerable Citrix devices have been exposed due to a newly discovered RCE vulnerability (CVE-2025-7775), with some locations more severely affected than others. The exploitation is considered zero-day, highlighting the urgency for users to upgrade their firmware as soon as possible.

  • Over 28,000 Citrix devices are vulnerable to a critical remote code execution (RCE) flaw.
  • The vulnerability, CVE-2025-7775, affects 14.1 builds before 14.1-47.48 and earlier release branches, in certain NetScaler ADC and NetScaler Gateway configurations.
  • Exploitation of the vulnerability is considered zero-day, with no prior notification given to users.
  • Citrix has not provided workarounds or mitigations, leaving users with little choice but to upgrade their firmware immediately.
  • Federal agencies have been warned that they must apply patches by August 28 or discontinue using affected products.



    Citrix has revealed that over 28,000 of its devices are currently vulnerable to a critical remote code execution (RCE) flaw, designated as CVE-2025-7775. This vulnerability has been identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix itself, with exploitation already being reported in the wild.

    The affected versions of Citrix include 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241-FIPS/NDcPP, and 12.1-FIPS/NDcPP up to 12.1-55.330-FIPS/NDcPP. Citrix has emphasized the importance of upgrading to a newer release, specifically one that addresses the issue.

    The most frequently affected locations were the United States (10,100), Germany (4,300), the United Kingdom (1,400), the Netherlands (1,300), Switzerland (1,300), Australia (880), Canada (820), and France (600). This widespread vulnerability underscores the critical nature of this issue.

    The attack vector for CVE-2025-7775 is limited to NetScaler ADC and NetScaler Gateway when configured as a Gateway/AAA virtual server or bound to IPv6 services. The exploitation is considered zero-day, meaning that no prior notification was given to users.
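
    A triage check built from the version ranges and configuration conditions listed above, as an added example that is not code from Citrix or from this article. The build-string format follows the way the article writes versions; the hostnames, inventory rows and verdict labels are constructed, and reading "up to 12.1-55.330" as "before" is an assumption.

```python
import re

# First fixed build per (branch, track), taken from the article's list.
# The article says "up to" for 12.1-FIPS/NDcPP; reading it as "before" is an assumption.
FIXED = {
    ("14.1", "std"): (47, 48),
    ("13.1", "std"): (59, 22),
    ("13.1", "fips"): (37, 241),
    ("12.1", "fips"): (55, 330),
}
# End-of-life branches the article names as vulnerable, with no fixed build.
EOL = {("12.1", "std"), ("13.0", "std")}

VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(-FIPS(?:/NDcPP)?|-NDcPP)?$", re.I)

def parse_build(text):
    """Split e.g. '13.1-37.241-FIPS/NDcPP' into ('13.1', 'fips', (37, 241))."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    track = "fips" if m.group(4) else "std"
    return m.group(1), track, (int(m.group(2)), int(m.group(3)))

def triage(build, gateway_or_aaa=False, ipv6_services=False):
    """Return 'eol-replace', 'patch-now', 'patch', 'fixed' or 'unknown'."""
    branch, track, number = parse_build(build)
    if (branch, track) in EOL:
        return "eol-replace"
    fixed = FIXED.get((branch, track))
    if fixed is None:
        return "unknown"  # branch not covered by the article
    if number >= fixed:
        return "fixed"
    # Vulnerable build: prioritise the configurations the article names as the attack vector.
    return "patch-now" if (gateway_or_aaa or ipv6_services) else "patch"

# Constructed inventory: (host, build, Gateway/AAA vserver?, IPv6 services?).
INVENTORY = [
    ("adc-edge-01", "14.1-43.56", True, False),
    ("adc-edge-02", "14.1-47.48", True, False),
    ("adc-int-01", "13.1-58.32", False, False),
    ("adc-fips-01", "13.1-37.235-FIPS/NDcPP", False, True),
    ("adc-old-01", "12.1-65.15", True, False),
]

def report(inventory=INVENTORY):
    return {host: triage(build, gw, v6) for host, build, gw, v6 in inventory}
```

    A "patch" verdict still means the build is vulnerable; it only ranks below devices whose configuration matches the stated attack vector.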

    Citrix has not provided any workarounds or mitigations for this vulnerability, leaving users with little choice but to upgrade their firmware immediately in order to protect against the potential attacks. This highlights a critical flaw in the vendor's approach towards handling security issues.

    The discovery of this RCE flaw and its exploitation is particularly concerning because it shows that Citrix devices are being targeted by malicious actors, who can potentially use them as entry points for further attacks on networks or systems. The fact that there were over 28,000 exposed instances of this vulnerability within a short span of time underscores the severity of the situation.

    Furthermore, Citrix has also disclosed two other high-severity vulnerabilities in its security bulletin: CVE-2025-7776 (memory overflow denial-of-service) and CVE-2025-8424 (improper access control on the management interface). These vulnerabilities have not been exploited yet but are indicative of a more serious issue within Citrix's products.

    The versions 12.1 and 13.0, which have reached End of Life status, are also vulnerable to this RCE flaw but have less critical impact because they are no longer supported by the vendor.

    This critical vulnerability in Citrix devices has already been cataloged by CISA as a Known Exploited Vulnerability (KEV), with federal agencies given until August 28 to apply patches from the vendor or discontinue using affected products. This highlights the severity of this issue and the urgency for users to take action against it.

    In conclusion, the vulnerability in Citrix devices represents a significant threat to the security of networks and systems that use these platforms. The fact that exploitation has already begun and over 28,000 instances are vulnerable underscores the need for immediate action by affected parties to upgrade their firmware or remove affected products from service.

    The discovery of this vulnerability also highlights the importance of proactive cybersecurity measures. Users must prioritize upgrading to newer versions of Citrix that address the CVE-2025-7775 flaw and monitor their systems closely for signs of exploitation.

    Given the severity of the situation, it is imperative that users act swiftly and decisively to mitigate this risk.





  • Published: Wed Aug 27 14:30:49 2025 by llama3.2 3B Q4_K_M












