Find notable cyber news and cases, enriched with sources, timelines, and signals.
Vulnerability Exploitation Wave

Citrix NetScaler CVE-2025-7775 exploitation and fast weaponization

Updated 03.09.2025 21:03
Case score 64
Case score 64 Members 2 Latest activity 03.09.2025 21:03
Active exploitation Patch available CVSS: 9.2 Critical
Members 2 First seen 26.08.2025 23:04 Last seen 03.09.2025 15:20 Updated 03.09.2025 21:03

Overview

**CVE-2025-7775** is an actively exploited memory overflow in **Citrix NetScaler ADC and NetScaler Gateway** that can hijack exposed appliances or force denial of service. The flaw affects VPN and remote-access deployments, and available evidence says exploitation has already been observed on unmitigated systems. Citrix released fixes for **CVE-2025-7775**, **CVE-2025-7776**, and **CVE-2025-8424**, while **CISA** placed **CVE-2025-7775** in the **KEV** catalog and ordered Federal Civilian Executive Branch agencies to remediate it within 48 hours. Later chatter around **HexStrike AI** showed attackers trying to speed exploitation of the same Citrix flaw family, so exposed appliances still face urgent patch pressure.

Signals

6 derived
Exploitation
Exploitation Active exploitation CVSS 9.2 Critical
CVEs/products
CVE CVE CVE
Remediation
Remediation Patch available

Member happenings

2 related
Vulnerability Citrix NetScaler ADC and Gateway actively exploited memory overflow denial-of-service flaw (CVE-2025-7775)
Updated 26.08.2025 23:04 Lead Contribution 62
Exploitation Active Exploitation Data Type Passwords CVSS 9.2 Critical Patch Patch Available

**CVE-2025-7775** is an **actively exploited** memory overflow in **Citrix NetScaler ADC and NetScaler Gateway**, creating **system hijack** and **DoS** risk for **VPN and remote-access** deployments. The flaw can also be triggered on systems handling **certain IPv6 web traffic** or **content routing** tasks, widening exposure beyond standard remote access use. Citrix has released updates for supported builds, but **unsupported release lines** remain exposed until they are removed or replaced. The issue affects **12.1, 13.1, and 14.1** branches, and exploitation against **unmitigated appliances** makes timely remediation critical.

Exploitation Wave Citrix NetScaler flaws exploited via HexStrike AI
Updated 03.09.2025 15:20 Scoring Support Contribution 1
Exploitation Active Exploitation

Threat actors are using **HexStrike AI** to exploit **three Citrix flaws** disclosed **last week**, accelerating abuse of **NetScaler** systems. Forum posts claim successful exploitation and show some vulnerable instances being offered for sale. The wave compresses the time from disclosure to mass exploitation and increases automation of repeat attack attempts.