Services
Services

Assess

Cyber Incident Response Plan

Cyber Security Risk Assessment

Ransomware Readiness Assessment

Penetration Testing

Red Teaming

Open Source Intelligence (OSINT)

Top Ransomware Groups

Protect

Managed Firewall

Managed Network Security

Patch Management

Remote Worker Security

Security Hardening

Vulnerability Management

Wi-Fi Security

Detect

Cloud Extended Detection & Response (XDR)

Cyber Threat Intelligence

Managed Endpoint Detection & Response (MDR)

Network Indicator of Compromise Monitoring (IOC)

Security Information & Event Management (SIEM)

Purple Teaming

Blue Teaming

Respond

Business Email Compromise Response

Digital Forensics & Incident Response (DFIR)

PII Data Investigation

Recover

Disaster Recovery

Microsoft 365 Backup

Ransomware Data Recovery

Secure Backup

Train

Cyber Security Awareness Training

Phishing Simulation Training
Company
Company

About us

About us

Blog

Case studies

News

Contact us

24/7 Emergency: 0333 091 7040

Request a callback
Contact

Alerts

Cyber security alert: Active exploitation of Citrix NetScaler ADC/Gateway vulnerabilities

2nd September 2025

Overview: Active exploitation of Citrix NetScaler ADC/Gateway vulnerabilities

Risk factor: high – critical

Date: 26 August 2025

Vulnerability: CVE-2025-7775

What we know

On 26 August 2025, Citrix confirmed that CVE-2025-7775, a critical vulnerability in NetScaler ADC and Gateway appliances, is being actively exploited in the wild. Classified with a CVSS score of 9.2, the flaw enables unauthenticated remote code execution or denial of service on affected devices, particularly when configured as gateways, AAA virtual servers, or certain load-balancing services. Both the NCSC (CC-4695) and CISA, which has added the issue to its Known Exploited Vulnerabilities (KEV) catalogue, have highlighted the urgent risk.

Background

Citrix NetScaler devices, which are widely used for application delivery and secure remote access, are vital to organisational infrastructure. A successful exploitation of CVE-2025-7775 could enable remote code execution or denial of service, potentially leading to serious operational disruptions or system compromise.

Who should be concerned

Organisations using NetScaler ADC and/or Gateway, particularly versions prior to:

14.1-47.48
13.1-59.22, including FIPS and NDcPP variants
12.1-55.330 for FIPS and NDcPP models

Administrators of secure remote-access infrastructure and any environments exposed to public networks.

Recommended actions

Apply patches immediately: Update to the latest versions as specified in Citrix’s advisory AV25-543.
Harden access: Restrict or isolate management interfaces (e.g., NSIP, SNIP, Cluster Management IP) from untrusted networks.
Monitor and audit: Review logs for unusual authentication or configuration changes; validate system integrity.
Stay informed: Subscribe to alerts from NCSC, NHS Digital, and Citrix for updates and mitigation best practices.
Report incidents: If exploitation is suspected or detected, notify via relevant UK cyber-security incident reporting mechanisms.

Zensec support

Zensec is actively monitoring developments around this vulnerability and is ready to support organisations in patch deployment, system review, and incident response. Our team can provide guidance and hands-on assistance to ensure your NetScaler appliances are secure and compliant, helping to mitigate any risk from active exploitation.