CVE-2025-7775
published 2025-08-26CVE-2025-7775: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as…
PriorityP193critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-08-28
Exploited in the wild
EPSS
18.97%
96.9th percentile
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
(OR)
CR virtual server with type HDX
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_application_delivery_controller | >= 12.1 < 12.1-55.330 | 12.1-55.330 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-37.241 | 13.1-37.241 |
| citrix | netscaler_application_delivery_controller | >= 13.1 < 13.1-59.22 | 13.1-59.22 |
| citrix | netscaler_application_delivery_controller | >= 14.1 < 14.1-47.48 | 14.1-47.48 |
| citrix | netscaler_gateway | — | — |
| citrix | netscaler_gateway | >= 13.1 < 13.1-59.22 | 13.1-59.22 |
| citrix | netscaler_gateway | >= 14.1 < 14.1-47.48 | 14.1-47.48 |
| citrix | xenserver | — | — |
| netscaler | adc | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | adc | >= 13.1 < 59.22 | 59.22 |
| netscaler | adc | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | adc | >= 14.1 < 47.48 | 47.48 |
| netscaler | gateway | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | gateway | >= 13.1 < 59.22 | 59.22 |
| netscaler | gateway | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | gateway | >= 14.1 < 47.48 | 47.48 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-7775 affects NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server — focus detection on these configurations ↗
- →CVE-2025-7775 has been confirmed exploited in the wild against Citrix NetScaler ADC and NetScaler Gateway — treat unpatched instances as actively targeted ↗
- ·Vulnerability also affects LB virtual servers of type HTTP, SSL, or HTTP_QUIC bound with IPv6 services or servicegroups — ensure these configurations are included in scope for detection and patching ↗
- ·Vulnerability also affects LB virtual servers bound with DBS IPv6 services or servicegroups — DBS IPv6 configurations must also be assessed ↗
- ·CR virtual server with type HDX is also a vulnerable configuration and should be included in detection scope ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.2CRITICALCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck9.2CRITICAL
cisa9.2CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2m4h-vp37-6746: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is confi
ghsa_unreviewed·2025-08-26
CVE-2025-7775 [CRITICAL] CWE-119 GHSA-2m4h-vp37-6746: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is confi
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers
(OR)
NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers
(OR)
CR virtual server with type HDX
VulnCheck
Citrix NetScaler Memory Overflow Vulnerability
vulncheck·2025·CVSS 9.2
CVE-2025-7775 [CRITICAL] CWE-119 Citrix NetScaler Memory Overflow Vulnerability
Citrix NetScaler Memory Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
Affected: Citrix NetScaler ADC and NetScaler Gateway
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://cyberplace.social/@GossiTheDog/115095063936712306; https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424; https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-citrix-6; https://w
CISA
Citrix NetScaler Memory Overflow Vulnerability
cisa·2025-08-26·CVSS 9.2
CVE-2025-7775 [CRITICAL] CWE-119 Citrix NetScaler Memory Overflow Vulnerability
Vulnerability: Citrix NetScaler Memory Overflow Vulnerability
Affected: Citrix NetScaler
Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775
Remediation Due Date: 2025-08-28
Citrix
Citrix Security Bulletin CTX694938
vendor_citrix·CVSS 5.9
CVE-2025-12101 [MEDIUM] Citrix Security Bulletin CTX694938
Citrix Security Bulletin CTX694938
CVE References: CVE-2025-12101, CVE-2025-62626, CVE-2025-7775, CVE-2025-7776, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
Hackernews
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
blogs_hackernews·2026-03-28·CVSS 9.4
CVE-2026-3055 [CRITICAL] Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr .
The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information.
Per Citrix, successful exploitation of the flaw hinges on the appliance being configured as a SAML Identity Provider (SAML IDP).
"We are now observing aut
Hackernews
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
blogs_hackernews·2026-03-24·CVSS 9.3
[CRITICAL] Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.
The vulnerabilities are listed below -
CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread
CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user session mixup
Cybersecurity company Rapid7 said that CVE-2026-3055 refers to an out-of-bounds read that could be exploited by unauthenticated remote
Bleepingcomputer
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
blogs_bleepingcomputer·2025-09-03·CVSS 9.2
[CRITICAL] Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
## Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
## Bill Toulas
## Power in the wrong hands
HexStrike-AI is a legitimate red teaming tool created by cybersecurity researcher Muhammad Osama, which enables the integration of AI agents to autonomously run over 150 cybersecurity tools for automated penetration testing and vulnerability discovery.
"HexStrike AI operates with human-in-the-loop interaction through external LLMs via MCP, creating a continuous cycle of prompts, analysis, execution, and feedback," reads its creator's description .
HexStrike-AI's client features a retry logic and recovery handling to mitigate the effects of failures in any individual step on its complex operations. Instead, it automatically retries or adjusts its configuration until the operat
Checkpoint
1st September – Threat Intelligence Report
blogs_checkpoint·2025-09-01
CVE-2025-55177 1st September – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 1st September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of sensitive personal information for over 4.4 million individuals in the United States. The leaked data includes names, billing addresses, phone numbers, email addresses, dates of birth, unredacted Social Secur
Bleepingcomputer
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
blogs_bleepingcomputer·2025-08-27·CVSS 9.2
CVE-2025-7775 [CRITICAL] Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
## Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
## Bill Toulas
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.
The vulnerability affects NetScaler ADC and NetScaler Gateway and the vendor addressed it in updates released yesterday.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix, the security issue has been exploited as a zero-day vulnerability.
The versions affected by CVE-2025-7775 are 14.1 before 14.1-47.48, 13.1 before13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241-FIPS/NDcPP, and 12.1-FIPS/NDcPP up to 12.1-55.330-FIPS/NDcPP.
Citrix does not provide any mitigations or workarounds and urges admins to upg
Bleepingcomputer
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
blogs_bleepingcomputer·2025-08-26·CVSS 9.2
CVE-2025-7775 [CRITICAL] Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
## Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
## Lawrence Abrams
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.
The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices.
In an advisory released today, Citrix states that this flaw was observed being exploited in attacks on unpatched devices.
"As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the
Tenable
CVE-2025-7775 Citrix RCE Zero-day
blogs_tenable·2025-08-26·CVSS 9.2
[CRITICAL] CVE-2025-7775 Citrix RCE Zero-day
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Tenable.io: To control or not to control, that is the question
blogs_tenable·2022-10-10
Tenable.io: To control or not to control, that is the question
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
10 Steps for Building a Web App Assurance Program Using Tenable.io WAS
blogs_tenable·2019-03-26
10 Steps for Building a Web App Assurance Program Using Tenable.io WAS
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
More Visibility into Metrics: Tenable.io Gets New Dashboards
blogs_tenable·2018-04-09
More Visibility into Metrics: Tenable.io Gets New Dashboards
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
More Visibility into Metrics: Tenable.io Gets New Dashboards
blogs_tenable·2018-04-09
More Visibility into Metrics: Tenable.io Gets New Dashboards
Blog / News and Views
Subscribe
# More Visibility into Metrics: Tenable.io Gets New Dashboards
Cody Dumont
April 9, 2018
5 Min Read
Tenable.io users have been asking for new dashboards to make implementing Cyber Exposure easier, and the Tenable dashboard and reporting teams have delivered. We’ve added five new dashboards to Tenable.io, allowing you to gain more visibility into key topics like vulnerability metrics, risk mitigations and exploit reporting.
These five new dashboards are popular dashboards available in SecurityCenter, now upgraded for the Cyber Exposure Lifecycle. Let’s take a peek:
### #1. Executive Summary dashboard
The Executive Summary dashboard takes into account several metrics available in Tenable.io and allows you to narrow the search down to a few key metrics
Tenable
Tips on Using the Tenable Python SDK: How to Run Internal Scans, Scan Imports and Exports and More
blogs_tenable·2018-02-20
Tips on Using the Tenable Python SDK: How to Run Internal Scans, Scan Imports and Exports and More
Blog / Products
Subscribe
# Tips on Using the Tenable Python SDK: How to Run Internal Scans, Scan Imports and Exports and More
Andrew Scott
February 20, 2018
6 Min Read
The Tenable Python SDK was built to provide Tenable.io™ users with the ability to leverage the Tenable.io API by building their own scripts, programs and modules that can seamlessly interact with their data in the Tenable.io platform.
If you’re unfamiliar with how to get started using the Python SDK, refer to my past blog post or see the README for the project in github.
### Prerequisites
The examples used in the post will assume:
- Python 2.7 or 3.4+ installed
- An administrator account in Tenable.io with generated API keys
- A Nessus scanner linked to Tenable.io
### Running an internal scan
In this section, you
Tenable
Tips on Using the Tenable Python SDK: How to Run Internal Scans, Scan Imports and Exports and More
blogs_tenable·2018-02-20
Tips on Using the Tenable Python SDK: How to Run Internal Scans, Scan Imports and Exports and More
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Intro to the Tenable.io API
blogs_tenable·2018-01-25
Intro to the Tenable.io API
Blog / News and Views
Subscribe
# Intro to the Tenable.io API
David Schwalenberg
January 25, 2018
5 Min Read
Tenable.io is the world’s first Cyber Exposure platform, giving you complete visibility into your network and helping you to manage and measure your modern attack surface. All the powerful capabilities of Tenable.io Vulnerability Management are available in the Tenable.io API, a robust, well-documented tool for users of all experience levels. Tenable.io users can access the API via the publicly available web interface. Highly technical users can leverage the API using utilities like cURL or Postman to gather data in an automated fashion and get additional details that may not be readily available via the web UI.
### Using the Tenable.io API
Using the Tenable.io API web UI all
Tenable
Intro to the Tenable.io API
blogs_tenable·2018-01-25
Intro to the Tenable.io API
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Capture the Flag with Mr. Robot
blogs_tenable·2017-10-18
Capture the Flag with Mr. Robot
Blog /
Subscribe
# Capture the Flag with Mr. Robot
Cody Dumont
October 18, 2017
3 Min Read
The hacker-favorite TV show, Mr. Robot, is back on with a great season three opener that features a Capture-the-Flag contest. As the show begins, Elliot decides he needs to stop stage 2 from taking place. Needing a computer to close the backdoor he left in Season 2, Darlene and Elliot travel to the hackerspace in an attempt to find Internet access.
At the hacker space, Elliot talks to a contestant that proclaims he was a CyberPatriot finalist. Elliot and the contestant discuss how to poison the data collected by the Minesweeper game. Elliot is invited into the CTF and captures the final flag, thus securing the hacker space a spot at the CTF.
##### What is CyberPatriot?
CyberPatriot is a natio
Tenable
Capture the Flag with Mr. Robot
blogs_tenable·2017-10-18
Capture the Flag with Mr. Robot
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Personalizing Your Tenable.io Scans
blogs_tenable·2017-09-29
Personalizing Your Tenable.io Scans
Blog /
Subscribe
# Personalizing Your Tenable.io Scans
Noah Cutler
September 29, 2017
4 Min Read
Tenable.io™ Scan and Policy Templates allow you to set up scans with minimal configuration. There are templates for many tasks, such as Host Discovery, detecting the latest headline-grabbing malware, managing mobile devices and more. However, your network is constantly evolving. Eventually the predefined templates will not satisfy the needs of your network. With Tenable.io, you can optimize the management of your network’s cyber risk by designing and launching customized vulnerability scans that are tailored to your organization.
Each template enables a specific set of plugins, and each plugin performs a different security check. By choosing the “Advanced Network Scan” template, you can s
Tenable
Personalizing Your Tenable.io Scans
blogs_tenable·2017-09-29
Personalizing Your Tenable.io Scans
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Tenable Internship Takeaways: Understanding Different Port Scanning Techniques
blogs_tenable·2017-08-09
Tenable Internship Takeaways: Understanding Different Port Scanning Techniques
Blog /
Subscribe
# Tenable Internship Takeaways: Understanding Different Port Scanning Techniques
Noah Cutler
August 9, 2017
5 Min Read
As a summer intern for the research and development department at Tenable, I was surprised when my manager gave me a relatively straightforward first task: find every machine in the lab. I knew that some form of port scan was needed. Maybe I could start with a ping sweep of some IP range, or maybe something more comprehensive. But my manager also added some nuance to the project. I had to put myself in the shoes of a Tenable customer, and my objective was to present a plan to discover machines and to identify the Cyber Exposure risk on the lab network using Tenable.io. The first step was to define the network subnets, and then I had to scan the networ
Tenable
Tenable Internship Takeaways: Understanding Different Port Scanning Techniques
blogs_tenable·2017-08-09
Tenable Internship Takeaways: Understanding Different Port Scanning Techniques
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Happy SysAdmin Day 2017
blogs_tenable·2017-07-28
Happy SysAdmin Day 2017
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Happy SysAdmin Day 2017
blogs_tenable·2017-07-28
Happy SysAdmin Day 2017
Blog /
Subscribe
# Happy SysAdmin Day 2017
Stephanie Dunn
July 28, 2017
6 Min Read
Having a background as a system administrator, I know first-hand many of the challenges you face. As every organization has a unique set of business requirements, system administrators work hard behind the scenes to keep operations running smoothly. From managing permission changes, recovering important files and monitoring user accounts, many system administrators utilize scripts to automate and manage routine tasks. Tenable.io includes over 450 pre-built audit policies and allows you to incorporate custom audit files. Custom audit files provide a great way for you to monitor routine events and changes, while making your work a little easier.
### The Problem
On a daily basis, organizations can genera
Tenable
How To Run an External Asset Scan with Tenable.io in Just Four Lines of Python
blogs_tenable·2017-05-03
How To Run an External Asset Scan with Tenable.io in Just Four Lines of Python
Blog /
Subscribe
# How To Run an External Asset Scan with Tenable.io in Just Four Lines of Python
Andrew Scott
May 3, 2017
4 Min Read
The new Python SDK for Tenable.io™ was designed to easily enable powerful integrations with the Tenable.io API. The aim of this blog is to demonstrate how to get the SDK up and running, launch an external network scan against one of your publicly exposed assets, then export the results in a convenient PDF file in only four lines of Python.
The SDK is designed to easily enable powerful integrations with the Tenable.io API
### Tenable.io account setup
If you don’t already have an account, the first thing you’ll need to do is create an account on Tenable.io. Tenable offers a free 60 day evaluation of the platform. Once you’ve completed the form, you’ll
Tenable
How To Run an External Asset Scan with Tenable.io in Just Four Lines of Python
blogs_tenable·2017-05-03
How To Run an External Asset Scan with Tenable.io in Just Four Lines of Python
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
2017 Is a Transformative Year for Security
blogs_tenable·2017-02-21·CVSS 10.0
[CRITICAL] 2017 Is a Transformative Year for Security
Blog /
Subscribe
# 2017 Is a Transformative Year for Security
Eileen Bator
February 21, 2017
1 Min Read
For organizations around the globe, security is evolving from a technology issue to a business issue. CEOs, board members and risk managers are asking questions and seeking solutions from their CISOs. With technologies such as IoT, cloud services, industrial control systems and DevOps in the spotlight, 2017 will be a game changing year for security.
Tenable.io, our new cloud-based vulnerability management platform, is positioned to help infosec pros transform their vulnerability management programs to better understand their exposure and gain control of risk.
Listen as five Tenable experts discuss the coming challenges and opportunities in the security industry.
## Related articl
Tenable
2017 Is a Transformative Year for Security
blogs_tenable·2017-02-21
2017 Is a Transformative Year for Security
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
2017: Time to Shake Up Your Understanding of Risk
blogs_tenable·2017-02-08
2017: Time to Shake Up Your Understanding of Risk
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
2017: Time to Shake Up Your Understanding of Risk
blogs_tenable·2017-02-08
2017: Time to Shake Up Your Understanding of Risk
Blog / Company
Subscribe
# 2017: Time to Shake Up Your Understanding of Risk
Amit Yoran
February 8, 2017
4 Min Read
Two years ago, the message coming out of the RSA Conference was that the security industry had failed; new products kept emerging, yet breaches were still on the rise. Today, we still hear about daily security attacks. Organizations embrace new technologies to remain competitive, and security practitioners struggle to keep pace and preserve the enterprise from painful compromise. If you think the tech community hasn’t done a great job of understanding exposures and managing risk in traditional enterprise environments, things get a lot more complex with the rush to cloud, embracing the DevOps revolution, containers and other technologies that increase capabilities but tha
Recorded Future
August 2025 CVE Landscape
blogs_recorded_future·CVSS 8.8
[HIGH] August 2025 CVE Landscape
# August 2025 CVE Landscape
In August 2025, Recorded Future’s Insikt Group® identified eighteen high-impact vulnerabilities that should be prioritized for remediation. This represents a decrease from the 22 identified in July.
However, the number of Very Critical vulnerabilities has remained the same (16) compared to July. These vulnerabilities have affected the following vendors: Trend Micro, WinRAR, N-able, Cisco, Apple, Citrix, FreePBX, Git, Microsoft, D-Link, and Fortinet.
August was dominated by Citrix and D-Link flaws, which represented six of the eighteen vulnerabilities. Threat actors actively exploited Citrix NetScaler ADC, NetScaler Gateway, and Citrix Session Recording products, as well as D-Link DNR-322L and DCS-2530L routers.
Recorded Future Insikt Group’s CVE Findings fro
Wiz
CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-3055 [CRITICAL] CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3055 :
Citrix ADC VPX vulnerability analysis and mitigation
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Source : NVD
## 9.3
Score
Published March 23, 2026
Severity CRITICAL
CNA Score 9.3
High-profile Vulnerability Yes
Affected Technologies
Citrix ADC VPX
Citrix ADC CPX
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 97.5
Exploitation Probability (EPSS) 44.3
Affected packages and libraries
cpe:2.3:a:citrix:netscaler_application_delivery_controller
Sources
Linux Severity CRITICAL Has Fix Added at: Mar 24, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud
Recorded Future
August 2025 CVE Landscape
blogs_recorded_future·CVSS 8.8
[HIGH] August 2025 CVE Landscape
## August 2025 CVE Landscape
In August 2025, Recorded Future’s Insikt Group ® identified eighteen high-impact vulnerabilities that should be prioritized for remediation. This represents a decrease from the 22 identified in July.
However, the number of Very Critical vulnerabilities has remained the same (16) compared to July. These vulnerabilities have affected the following vendors: Trend Micro, WinRAR, N-able, Cisco, Apple, Citrix, FreePBX, Git, Microsoft, D-Link, and Fortinet.
August was dominated by Citrix and D-Link flaws, which represented six of the eighteen vulnerabilities. Threat actors actively exploited Citrix NetScaler ADC, NetScaler Gateway, and Citrix Session Recording products, as well as D-Link DNR-322L and DCS-2530L routers.
Recorded Future Insikt Group’s CVE Findings f
Wiz
CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-4368 [CRITICAL] CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4368 :
Citrix ADC VPX vulnerability analysis and mitigation
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
Source : NVD
## 7.7
Score
Published March 23, 2026
Severity HIGH
CNA Score 7.7
Affected Technologies
Citrix ADC VPX
Citrix ADC CPX
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:citrix:netscaler_application_delivery_controller
Sources
Linux Severity HIGH Has Fix Added at: Mar 24, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs
2025-08-26
Published
2025-08-26
Added to CISA KEV
Exploited in the wild