Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

Citrix has dropped critical patches for three vulnerabilities in NetScaler ADC and Gateway, and they're confirming that one of them, CVE-2025-7775, is already being exploited in the wild. No workarounds exist, so patch ASAP or risk getting owned.

The flaws include CVE-2025-7775 (a remote code execution bug with a CVSS score of 9.8), CVE-2025-7776 (a denial-of-service issue rated 7.5), and CVE-2025-7777 (another RCE with a 9.8 score). All affect multiple versions of NetScaler ADC and Gateway, so if you're running this stuff, you're exposed.

Citrix isn't sharing deets on the exploitation yet, but they're urging everyone to update to the latest versions immediately. No mitigations or workarounds are available, making this a full-on emergency.

This isn't Citrix's first rodeo—NetScaler has been a hot target for hackers in the past, with previous flaws like CVE-2023-4966 leading to massive breaches. So, yeah, take this seriously and get those systems patched before the bad actors do more damage.