[ad_1]
- Citrix fixes three flaws in NetScaler ADC and NetScaler Gateway
- Amongst them is a critical-severity one used as a zero-day which allowed for RCE and DoS assaults
Citrix has fastened three bugs in its NetScaler ADC and NetScaler Gateway cases, together with a important zero-day flaw which was apparently being abused within the wild.
In a brand new advisory, the corporate mentioned it patched a number of flaws, together with a reminiscence overflow vulnerability that would result in distant code execution (RCE) or Denial of Service (DoS) assaults in NetScaler ADC and NetScaler Gateway (when NetScaler is configured as Gateway or AAA digital server).
The vulnerability is tracked as CVE-2025-7775 and has a severity rating of 9.2/10 (important).
Configuration flaws
Citrix has urged customers to patch up instantly for the reason that hackers are already leveraging the bug in real-life assaults.
“As of August 26, 2025 Cloud Software program Group has motive to consider that exploits of CVE-2025-7775 on unmitigated home equipment have been noticed, and strongly recommends prospects to improve their NetScaler firmware to the variations containing the repair as there aren’t any mitigations out there to guard towards a possible exploit,” it mentioned.
Luckily, leveraging the bug will not be significantly easy, as gadgets must be configured in a particular approach for that to occur:
– NetScaler have to be configured as Gateway (VPN digital server, ICA Proxy, CVPN, RDP Proxy) or AAA digital server
– NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of kind (HTTP, SSL or HTTP_QUIC) certain with IPv6 companies or servicegroups certain with IPv6 servers
– NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB digital servers of kind (HTTP, SSL or HTTP_QUIC) certain with DBS IPv6 companies or servicegroups certain with IPv6 DBS servers CR digital server with kind HDX
Citrix has launched configuration settings that may verify if the NetScaler system’s configuration leaves it weak to exploits.
Different two bugs patched are a reminiscence overflow vulnerability tracked as CVE-2025-7776, and an improper entry management on the NetScaler Administration Interface bug tracked as CVE-2025-8424.
By way of BleepingComputer
You may also like
[ad_2]
