
Hot on the heels of the disclosure of CVE-2025-43300, a new zero-day vulnerability impacting iOS, iPadOS, and macOS that is largely leveraged in targeted campaigns, yet another zero-day has surfaced on the cyber threat landscape. CVE-2025-7775 is a critical memory overflow vulnerability in Citrix NetScaler that allows unauthenticated remote code execution and is currently under active exploitation in the wild.
As today’s digital landscape grows increasingly complex, the pace of newly discovered vulnerabilities continues to accelerate—many carrying critical risk. High-profile flaws such as Citrix NetScaler exposures, including CitrixBleed and CitrixBleed2, highlight the severity of the problem. In 2025 alone, NIST has already logged nearly 27,000 CVEs, with forecasts indicating that number could surpass 49,000 by year’s end.
Sign up for the SOC Prime Platform to access the global active threats feed, offering real-time CTI and curated detections to address emerging threats. All the rules can be used across dozens of SIEM, EDR, and Data Lake platforms and are aligned with MITRE ATT&CK®. Additionally, each rule is enriched with CTI links, attack timelines, audit configurations, triage recommendations, and more extensive metadata. Click Explore Detections to drill down to the entire detection stack for proactive defense against critical vulnerabilities, filtered by the “CVE” tag.
Security engineers can also leverage Uncoder AI, an IDE and co-pilot for detection engineering, which is now enhanced with a new AI Chat Bot mode and MCP tool support. With Uncoder, defenders can instantly convert IOCs into custom hunting queries, craft detection code from raw threat reports, generate Attack Flow diagrams, enable ATT&CK tag prediction, leverage AI-driven query optimization, and translate detection content across multiple platforms.
CVE-2025-7775 Analysis
Citrix has recently patched multiple vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Among them is a new critical zero-day vulnerability tracked as CVE-2025-7775. According to the vendor, this flaw has already been weaponized in attacks targeting unpatched systems.
CVE-2025-7775 is a memory overflow vulnerability that may result in RCE and/or DoS attacks when the appliance is configured as a Gateway or as an AAA virtual server. The flaw impacts multiple configurations, including VPN, ICA Proxy, AAA, and load balancing virtual servers running on versions 13.1, 14.1, 13.1-FIPS, and NDcPP.
As potential CVE-2025-7775 mitigation measures, Citrix customers are urged to immediately upgrade their NetScaler firmware to fixed versions: 14.1-47.48+, 13.1-59.22+, 13.1-FIPS/NDcPP 13.1-37.241+, and 12.1-FIPS/NDcPP 12.1-55.330+. Notably, versions 12.1 and 13.0 are End of Life and must be upgraded to supported releases. The vendor also provided configuration checks to help administrators determine whether their NetScaler devices are impacted.
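The two checks the advisory asks administrators to perform, "is my build below the fixed one?" and "is the appliance configured as a Gateway or AAA virtual server?", lend themselves to a small triage script. The following is an added example, not Citrix's or SOC Prime's code; it encodes only the fixed builds and End-of-Life releases listed above. The `add vpn vserver` / `add authentication vserver` line prefixes follow NetScaler ns.conf syntax and the `show ns version` output shape is assumed rather than quoted from the advisory, and the config excerpt is constructed for demonstration.

```python
"""
Added triage helper for CVE-2025-7775 (example code, not the vendor's):
combines a fixed-build comparison with a check for Gateway (VPN) or AAA
virtual servers in an ns.conf excerpt.
"""
import re
from typing import List, NamedTuple, Tuple

# Minimum fixed build per (release, FIPS/NDcPP flag), taken from the advisory text above.
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
# Non-FIPS 12.1 and 13.0 receive no fix and must be migrated to a supported release.
EOL_RELEASES = {("12.1", False), ("13.0", False)}

# Accepts "14.1-47.48" (the advisory's notation). Also accepting "NS14.1: Build 47.48.nc",
# the assumed shape of `show ns version` output, is an assumption about that format.
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|: Build )(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[str, Tuple[int, int]]:
    """Return (release, (build, subbuild)) or raise ValueError."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def version_status(text: str, fips: bool = False) -> str:
    """'patched', 'vulnerable', 'end-of-life' or 'unknown' for one version string."""
    release, build = parse_version(text)
    key = (release, fips)
    if key in EOL_RELEASES:
        return "end-of-life"
    if key not in FIXED_BUILDS:
        return "unknown"
    return "patched" if build >= FIXED_BUILDS[key] else "vulnerable"


# ns.conf statements that create the virtual-server types the advisory names as
# exposed. These prefixes follow NetScaler config syntax; they are an assumption
# of this example, not text from the advisory.
EXPOSED_PREFIXES = ("add vpn vserver", "add authentication vserver")


def exposed_vservers(config_lines: List[str]) -> List[str]:
    """Names of Gateway (VPN) and AAA virtual servers found in the config lines."""
    names = []
    for raw in config_lines:
        line = raw.strip()
        if line.startswith(EXPOSED_PREFIXES):
            names.append(line.split()[3])  # add <kind> vserver <name> ...
    return names


class Assessment(NamedTuple):
    status: str
    exposed: List[str]
    action: str


def assess(version_text: str, config_lines: List[str], fips: bool = False) -> Assessment:
    """Combine the build check and the configuration check into one verdict."""
    status = version_status(version_text, fips)
    exposed = exposed_vservers(config_lines)
    if status == "patched":
        action = "no action for CVE-2025-7775"
    elif status == "unknown":
        action = "verify release and FIPS/NDcPP flag manually"
    elif exposed:
        action = "upgrade immediately: Gateway/AAA virtual server on an unfixed build"
    else:
        action = "upgrade: build unfixed, no Gateway/AAA virtual server configured"
    return Assessment(status, exposed, action)


# Constructed ns.conf excerpt for demonstration only (not from a real appliance).
SAMPLE_CONFIG = [
    "add lb vserver web_vs HTTP 10.0.0.10 80",
    "add vpn vserver gw_vs SSL 10.0.0.5 443",
    "add authentication vserver aaa_vs SSL 10.0.0.6 443",
    "bind ssl vserver gw_vs -certkeyName gw_cert",
]

if __name__ == "__main__":
    # Constructed sample versions; the last one is treated as a FIPS build.
    for ver, fips in (("14.1-43.56", False), ("14.1-47.48", False),
                      ("13.0-92.19", False), ("NS13.1: Build 37.241.nc", True)):
        print(ver, assess(ver, SAMPLE_CONFIG, fips=fips))
```

The FIPS/NDcPP flag has to be supplied explicitly because a 13.1 version string alone does not say which build line it belongs to, and a non-FIPS 13.1 appliance on build 37.241 is still below its own fixed build of 59.22.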
Citrix stated that Secure Private Access on-premises and Hybrid deployments that rely on NetScaler instances are also impacted by the vulnerabilities mentioned in the vendor’s latest security advisory. This advisory applies solely to customer-managed NetScaler ADC and NetScaler Gateway, while Citrix-managed cloud services and Adaptive Authentication are updated directly by Cloud Software Group.
With the increasing volumes of zero-day vulnerabilities weaponized in in-the-wild attacks, organizations are seeking ways to proactively defend against emerging threats. By leveraging SOC Prime’s complete product suite backed by AI and top cybersecurity expertise, security teams are equipped with future-proof technologies for enterprise-ready protection that can significantly enhance the organization’s cybersecurity posture.
The post CVE-2025-7775 Vulnerability: A New Critical NetScaler RCE Zero-Day Under Active Exploitation appeared first on SOC Prime.