
What is the Vulnerability?

FortiGuard Labs has observed active network telemetry relating to CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler ADC and Gateway that enables remote code execution (RCE) and denial of service (DoS) under certain pre-conditions. Exploitation on unpatched appliances has been confirmed, and CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog.

Citrix advisories also address:

CVE-2025-7776 – a memory overflow issue causing DoS when NetScaler is configured as a Gateway (PCoIP).

CVE-2025-8424 – an improper access control flaw affecting the management interface.

Recent industry reporting highlights that adversaries increasingly leverage AI-driven exploit development frameworks such as Hexstrike-AI, which integrate large language models (LLMs) with fuzzing and orchestration. These toolchains reduce the time from disclosure to weaponized zero-day exploitation, increasing the urgency for patching.

What is the recommended Mitigation?

Organizations using Citrix NetScaler ADC and NetScaler Gateway appliances are strongly recommended to:

- Review and follow the official Citrix security bulletins.

- Apply all relevant patches and updates as soon as possible.

- Monitor for any suspicious activity, such as dropped web shells or abnormal memory behavior.

What FortiGuard Coverage is available?

  • Intrusion Prevention System (IPS): FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-7775.

    Intrusion Prevention | FortiGuard Labs

  • Web Application Security: FortiGuard Web Security Service is available to detect and block exploit activity.

    Web Application Security | FortiGuard Labs

  • Incident Response Service: The FortiGuard Incident Response team is available to assist with any suspected compromise.