Citrix NetScaler ADC and NetScaler RCE

Blog

Byadmblake September 17, 2025

What is the Vulnerability? FortiGuard Labs has observed active network telemetry relating to CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler ADC and Gateway that enables remote code execution (RCE) and denial of service (DoS) under certain pre-conditions. Exploitation on unpatched appliances has been confirmed, and CISA has added the vulnerability to its Known Exploited…

What is the Vulnerability?

FortiGuard Labs has observed active network telemetry relating to CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler ADC and Gateway that enables remote code execution (RCE) and denial of service (DoS) under certain pre-conditions. Exploitation on unpatched appliances has been confirmed, and CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.

Citrix advisories also address:

CVE-2025-7776 – a memory overflow issue causing DoS when NetScaler is configured as a Gateway (PCoIP).

CVE-2025-8424 – an improper access control flaw affecting the management interface.

Recent industry reporting highlights that adversaries increasingly leverage AI-driven exploit development frameworks such as Hexstrike-AI, which integrate large language models (LLMs) with fuzzing and orchestration. These toolchains reduce the time from disclosure to weaponized zero-day exploitation, increasing the urgency for patching.

What is the recommended Mitigation?

The organizations using Citrix NetScaler ADC and NetScaler Gateway appliances are strongly recommended to:

-Review and follow the official Citrix security bulletins.

-Apply all relevant patches and updates as soon as possible.

-Monitor for any suspicious activity, such as dropped web shells or abnormal memory behavior.

What FortiGuard Coverage is available?

Intrusion Prevention System (IPS): FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-7775

Intrusion Prevention | FortiGuard Labs
Web Application Security: FortiGuard Web Security Service is available to detect and block exploit activity.

Web Application Security | FortiGuard Labs
Incident Response Service: The FortiGuard Incident Response team is available to assist with any suspected compromise.

Blog

Insurers May Limit Payments in Cases of Unpatched CVEs

Some insurers look to limit payouts to companies that don’t remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don’t like those restrictions.

Read More Insurers May Limit Payments in Cases of Unpatched CVEs
Blog

Update: Cybercriminals still not fully on board the AI train (yet)

A year after our initial research on threat actors’ attitudes to generative AI, we revisit some underground forums and find that many cybercriminals are still skeptical – although there has been a slight shift

Read More Update: Cybercriminals still not fully on board the AI train (yet)
Blog

How to Balance Password Security Against User Experience

If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a…

Read More How to Balance Password Security Against User Experience
Blog

Asian Orgs Shift Cybersecurity Requirements to Suppliers

The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do business.

Read More Asian Orgs Shift Cybersecurity Requirements to Suppliers
Blog

Pentesters: Is AI Coming for Your Role?

We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue…

Read More Pentesters: Is AI Coming for Your Role?
Blog

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an…

Read More Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Related