Citrix NetScaler ADC and Gateway actively exploited memory overflow denial-of-service flaw (CVE-2025-7775)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-7775 is an actively exploited memory overflow in Citrix NetScaler ADC and NetScaler Gateway, creating system hijack and DoS risk for VPN and remote-access deployments. The flaw can also be triggered on systems handling certain IPv6 web traffic or content routing tasks, widening exposure beyond standard remote access use. Citrix has released updates for supported builds, but unsupported release lines remain exposed until they are removed or replaced. The issue affects 12.1, 13.1, and 14.1 branches, and exploitation against unmitigated appliances makes timely remediation critical.
Cases
Related Happenings
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector ActionAbout this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/Mitigation
First: 25.03.2026 17:52
Last: 25.03.2026 17:52
Sources 1
About this happening:
**Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/MitigationAbout this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...
NetScaler ADC and NetScaler Gateway out-of-bounds read security flaw (CVE-2026-3055)
Vulnerability
First: 24.03.2026 17:15
Last: 24.03.2026 17:15
Sources 1
About this happening:
A critical **out-of-bounds read** in **NetScaler ADC** and **NetScaler Gateway** can let an **unauthenticated remote attacker** leak **sensitive memory contents** from affected ap...
NetScaler ADC and NetScaler Gateway out-of-bounds read security flaw (CVE-2026-3055)
VulnerabilityAbout this happening: A critical **out-of-bounds read** in **NetScaler ADC** and **NetScaler Gateway** can let an **unauthenticated remote attacker** leak **sensitive memory contents** from affected ap...
Citrix NetScaler reconnaissance scanning and version-enumeration campaign
Campaign
First: 03.02.2026 22:25
Last: 03.02.2026 22:25
Sources 1
About this happening:
A **Citrix NetScaler** reconnaissance campaign used **residential proxies** and **63,189 distinct IPs** between **January 28 and February 2** to map exposed login panels and EPA a...
Citrix NetScaler reconnaissance scanning and version-enumeration campaign
CampaignAbout this happening: A **Citrix NetScaler** reconnaissance campaign used **residential proxies** and **63,189 distinct IPs** between **January 28 and February 2** to map exposed login panels and EPA a...
Broadcom VMware vCenter Server and Cloud Foundation patch advisory (CVE-2024-37079)
Advisory/Mitigation
First: 26.01.2026 13:49
Last: 26.01.2026 13:49
Sources 1
About this happening:
**Broadcom** told customers to apply security patches for **CVE-2024-37079** in **vCenter Server** and **Cloud Foundation**, after the flaw was tied to **active exploitation** and...
Broadcom VMware vCenter Server and Cloud Foundation patch advisory (CVE-2024-37079)
Advisory/MitigationAbout this happening: **Broadcom** told customers to apply security patches for **CVE-2024-37079** in **vCenter Server** and **Cloud Foundation**, after the flaw was tied to **active exploitation** and...
Timeline
-
03.09.2025 21:03 1 articles · 8mo ago
Hackers use HexStrike-AI to exploit Citrix NetScaler CVE-2025-7775
Exploitation ObservedCheck Point Research observed dark web chatter linking HexStrike-AI to rapid weaponization of newly disclosed Citrix NetScaler ADC and Gateway vulnerabilities, with attackers reportedly using the framework to automate scanning for vulnerable instances, crafting exploits, delivering payloads, and maintaining persistence after unauthenticated remote code execution through CVE-2025-7775 and webshell deployment on compromised appliances.
Show sources
- Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws — www.bleepingcomputer.com — 03.09.2025 21:03
-
26.08.2025 23:04 1 articles · 9mo ago
Citrix discloses active NetScaler CVE-2025-7775 exploitation
Initial DisclosureCitrix disclosed three new vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway, including CVE-2025-7775, a zero-day memory overflow that can enable system hijacking or a DoS condition on VPN or remote access deployments and on devices handling certain IPv6 web traffic or specific content routing tasks. Citrix said exploits of CVE-2025-7775 on unmitigated appliances have been observed, identified affected builds in the 12.1, 13.1, and 14.1 release lines, listed CVE-2025-7776 and CVE-2025-8424, and urged affected customers to install the relevant updated versions as soon as possible because unsupported, end-of-life versions are also affected.
Show sources
- Citrix Gear Under Active Attack Again With Another Zero-Day — www.darkreading.com — 26.08.2025 23:04