Vulnerability Exploitation Wave

Citrix NetScaler CVE-2025-7775 exploitation and fast weaponization

Updated 03.09.2025 21:03

Case score 64

Case score 64 Members 2 Latest activity 03.09.2025 21:03 Active exploitation Patch available CVSS: 9.2 Critical

Active exploitation Patch available CVSS: 9.2 Critical

Members 2 First seen 26.08.2025 23:04 Last seen 03.09.2025 15:20 Updated 03.09.2025 21:03

Overview

**CVE-2025-7775** is an actively exploited memory overflow in **Citrix NetScaler ADC and NetScaler Gateway** that can hijack exposed appliances or force denial of service. The flaw affects VPN and remote-access deployments, and available evidence says exploitation has already been observed on unmitigated systems. Citrix released fixes for **CVE-2025-7775**, **CVE-2025-7776**, and **CVE-2025-8424**, while **CISA** placed **CVE-2025-7775** in the **KEV** catalog and ordered Federal Civilian Executive Branch agencies to remediate it within 48 hours. Later chatter around **HexStrike AI** showed attackers trying to speed exploitation of the same Citrix flaw family, so exposed appliances still face urgent patch pressure.

Key facts

**CVE-2025-7775** is being actively exploited against **Citrix NetScaler ADC and NetScaler Gateway** appliances, with outcomes that include system hijack and denial of service.
The flaw affects VPN and remote-access deployments, and some systems handling certain IPv6 web traffic or content routing, across **12.1**, **13.1**, and **14.1** branches plus unsupported versions.
Citrix rated **CVE-2025-7775** **9.2/10** because exploitation does not require credentials or user interaction.
Exploitation has been observed on unmitigated appliances, and **CISA** added **CVE-2025-7775** to **KEV** with a 48-hour federal remediation deadline.
Citrix released fixes for **CVE-2025-7775**, **CVE-2025-7776**, and **CVE-2025-8424** and said there are no workarounds.
Forum chatter later described **HexStrike AI** being used to automate attacks against newly disclosed Citrix flaws.
Reach and victim counts remain unquantified, and there is no named actor attribution.

Signals

6 derived

Exploitation

Exploitation Active exploitation CVSS 9.2 Critical

CVEs/products

CVE CVE CVE

Remediation

Remediation Patch available

Member happenings

2 related

Vulnerability Citrix NetScaler ADC and Gateway actively exploited memory overflow denial-of-service flaw (CVE-2025-7775)

Updated 26.08.2025 23:04 Lead Contribution 62

Exploitation Active Exploitation Data Type Passwords CVSS 9.2 Critical Patch Patch Available

**CVE-2025-7775** is an **actively exploited** memory overflow in **Citrix NetScaler ADC and NetScaler Gateway**, creating **system hijack** and **DoS** risk for **VPN and remote-access** deployments. The flaw can also be triggered on systems handling **certain IPv6 web traffic** or **content routing** tasks, widening exposure beyond standard remote access use. Citrix has released updates for supported builds, but **unsupported release lines** remain exposed until they are removed or replaced. The issue affects **12.1, 13.1, and 14.1** branches, and exploitation against **unmitigated appliances** makes timely remediation critical.

View happening

Exploitation Wave Citrix NetScaler flaws exploited via HexStrike AI

Updated 03.09.2025 15:20 Scoring Support Contribution 1

Exploitation Active Exploitation

Threat actors are using **HexStrike AI** to exploit **three Citrix flaws** disclosed **last week**, accelerating abuse of **NetScaler** systems. Forum posts claim successful exploitation and show some vulnerable instances being offered for sale. The wave compresses the time from disclosure to mass exploitation and increases automation of repeat attack attempts.

View happening