Urgent security news: exploitation of CVE-2025-7775 has been observed on unmitigated Citrix NetScaler appliances as of August 26, 2025, prompting an immediate firmware upgrade for affected systems.

Citrix has fixed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including the critical zero-day that has seen real-world use.

The advisory stresses a high risk and urges affected users to patch promptly to protect against potential remote code execution and denial-of-service attacks.

Exploitation requires specific configurations, namely NetScaler serving as a Gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server.

At the core is CVE-2025-7775, a memory overflow flaw rated 9.2 out of 10 that can enable remote code execution or DoS.

Citrix/Cloud Software Group strongly advises upgrading firmware immediately, noting there are no mitigations available against this exploit.

The report behind the findings is authored by Sead, a Sarajevo-based journalist who covers IT and cybersecurity topics.