Tag: citrix
-
Citrix 0-Day Flaw Under Active Exploitation Since May
Tags: attack, citrix, cve, cyber, exploit, flaw, government, remote-code-execution, vulnerability, zero-daySecurity researcher Kevin Beaumont has revealed alarming details about CVE-2025-6543, a critical Citrix NetScaler vulnerability that was actively exploited as a zero-day attack for months before the company issued patches. What Citrix initially downplayed as a simple >>denial of service
-
CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation
CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must… First seen on hackread.com Jump to article: hackread.com/cisa-citrix-git-flaw-kev-catalog-amid-active-exploitation/
-
Thousands of Citrix NetScaler boxes still sitting ducks despite patches
Shadowserver counts more than 13,000 appliances still wide open including thousands in US, Germany, and UK First seen on theregister.com Jump to article: www.theregister.com/2025/08/28/thousands_of_citrix_netscaler_boxes/
-
Deutschland auf Platz 2: 28.000 Citrix-Systeme sind angreifbar
Unzählige Citrix-Netscaler-Instanzen sind anfällig für eine aktiv ausgenutzte Sicherheitslücke. Experten warnen vor einer Ausweitung der Angriffe. First seen on golem.de Jump to article: www.golem.de/news/deutschland-auf-platz-2-28-000-citrix-systeme-sind-angreifbar-2508-199583.html
-
CISA Issues Alert on Citrix NetScaler 0-Day RCE Exploited in the Wild
Tags: cisa, citrix, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after detecting active exploitation of a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices. Designated CVE-2025-7775, the flaw stems from a memory overflow in NetScaler’s traffic management subsystem and was recently added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. Evidence…
-
Over 28,000 Citrix Servers at Risk from Active 0-Day RCE Exploit
Tags: citrix, cyber, cybersecurity, exploit, flaw, rce, remote-code-execution, risk, threat, vulnerability, zero-dayAcritical zero-day remote code execution (RCE) vulnerabilityis currently threatening the security of over 28,000 Citrix instances worldwide. The flaw, designated as CVE-2025-7775, is being actively exploited by threat actors, prompting urgent security warnings from cybersecurity authorities and immediate action requirements from organizations running affected systems. Widespread Vulnerability Exposure The Shadowserver Foundation’s latest research reveals alarming statistics…
-
Attackers exploiting NetScaler ADC and Gateway zero day flaw, Citrix warns
Tags: access, advisory, attack, authentication, backdoor, citrix, control, country, cve, cvss, cyber, cybersecurity, exploit, flaw, group, infrastructure, mitigation, rce, remote-code-execution, service, update, vulnerability, zero-dayNetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or service groups bound with IPv6 servers, and those bound with DBS IPv6 services or…
-
Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775
Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to the vulnerability CVE-2025-7775, which is under active exploitation. CVE-2025-7775 (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service.…
-
U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler flaw, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it…
-
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-28-200-citrix-instances-vulnerable-to-actively-exploited-rce-bug/
-
Citrix Patches Three NetScaler Zero Days as One Sees Active Exploitation
Citrix customers are urged to patch their vulnerable NetScaler appliances, but “patching alone won’t cut it,” experts said First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/citrix-patch-netscaler-zero-days/
-
Laufende Angriffe auf Netscaler: Citrix warnt vor gefährlicher Zero-Day-Lücke
Eine Sicherheitslücke in Citrix-Netscaler-Instanzen lässt Angreifer Schadcode einschleusen. Da sie schon ausgenutzt wird, sollten Admins schnell handeln. First seen on golem.de Jump to article: www.golem.de/news/laufende-angriffe-auf-netscaler-citrix-warnt-vor-gefaehrlicher-zero-day-luecke-2508-199545.html
-
Kritische Schwachstellen in Citrix NetScaler ADC NetScaler Gateway
Administratoren von Citrix NetScaler ADC und NetScaler Gateway müssen reagieren, da neue kritische Schwachstellen (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) bekannt wurden. Citrix schreibt, dass bereits die Ausnutzung einer Schwachstelle über Exploits beobachtet wurde. Schwachstellen in Citrix NetScaler ADC & Co. Citrix hat … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/27/schwachstellen-in-citrix-netscaler-adc-netscaler-gateway/
-
CVE-2025-7775: Citrix NetScaler ADC and NetScaler Gateway Zero-Day Remote Code Execution Vulnerability Exploited in the Wild
Citrix has released patches to address a zero-day remote code execution vulnerability in NetScaler ADC and NetScaler Gateway that has been exploited. Organizations are urged to patch immediately. Background On August 26, Citrix published a security advisory for three vulnerabilities, including CVE-2025-7775, a zero-day vulnerability which has been exploited against its NetScaler Application Delivery Controller…
-
Citrix NetScaler ADC and Gateway Hit by Ongoing Attacks Exploiting 0-Day RCE
Cloud Software Group has issued an emergency security bulletin warning of active exploitation targeting three critical vulnerabilities in NetScaler ADC and NetScaler Gateway products. The vulnerabilities, tracked asCVE-2025-7775,CVE-2025-7776, andCVE-2025-8424, present severe security risks including remote code execution and denial of service capabilities. Active Exploitation Confirmed The most severe vulnerability,CVE-2025-7775, carries aCVSS v4.0 score of 9.2and has been…
-
Citrix Gear Under Active Attack Again With Another Zero-Day
The flaw is one of three that the company disclosed affecting its NetScaler ADC and NetScaler Gateway technologies. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/citrix-zero-day-under-active-attack
-
Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June
The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service. First seen on cyberscoop.com Jump to article: cyberscoop.com/citrix-netscaler-zero-day-exploited-august-2025/
-
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/citrix-fixes-critical-netscaler-rce-flaw-exploited-in-zero-day-attacks/
-
Citrix NetScaler Devices Yet Again Under Attack
Citrix Publishes Patches After Attackers Exploit Memory Overflow Vulnerability. NetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2. First seen on govinfosecurity.com Jump…
-
Citrix fixed three NetScaler flaws, one of them actively exploited in the wild
Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild. >>Exploits of CVE-2025-7775 on unmitigated appliances have been observed.
-
Citrix Under Active Attack Again With Another Zero-Day
The flaw is one of three that the company disclosed affecting its NetScaler ADC and NetScaler Gateway technologies. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/citrix-zero-day-under-active-attack
-
Three new Citrix NetScaler zero-days under active exploitation
Citrix patches three new vulnerabilities in its NetScaler lines warning of active zero-day exploitation by an undisclosed threat actor. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629825/Three-new-Citrix-NetScaler-zero-days-under-active-exploitation
-
Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild.The vulnerabilities in question are listed below -CVE-2025-7775 (CVSS score: 9.2) – Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-ServiceCVE-2025-7776 (CVSS score: 8.8) – Memory overflow First…
-
Citrix patches trio of NetScaler bugs after attackers beat them to it
Criminals already abusing its latest zero-days First seen on theregister.com Jump to article: www.theregister.com/2025/08/26/citrix_patches_trio_of_netscaler/
-
U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, citrix, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2024-8069 is a limited remote code execution with privilege…
-
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2024-8068 (CVSS score: 5.1) – An improper privilege management vulnerability in Citrix Session Recording First seen…
-
CISA Issues Alert on Citrix Flaws Actively Exploited by Hackers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert after adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on August 25, 2025. The alert highlights active exploitation of two serious Citrix Session Recording flaws and one Git vulnerability, prompting immediate action from federal agencies and private organizations. Critical…
-
China-nexus hacker Silk Typhoon targeting cloud environments
The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-hacker-silk-typhoon-cloud/758409/
-
China-nexus hacker Silk Typhoon targeting cloud environments
The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-hacker-silk-typhoon-cloud/758409/
-
Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs
Dutch NCSC warns CVE-2025-6543 Citrix bug, a memory overflow flaw, is being exploited to breach critical organizations in the Netherlands. The Dutch NCSC warns that the critical Citrix NetScaler flaw CVE-2025-6543 has been exploited to breach critical organizations in the Netherlands. Dutch NCSC experts pointed out that CVE-2025-6543 was exploited for remote code execution. Threat…