CVE-2025-8424
Published 2025-08-26
Priority P3 · 53 · high · 8.7 (CVSS 4.0)
CVSS 4.0 vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 2.72% (84.2th percentile)
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netscaler | adc | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | adc | >= 13.1 < 59.22 | 59.22 |
| netscaler | adc | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | adc | >= 14.1 < 47.48 | 47.48 |
| netscaler | gateway | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | gateway | >= 13.1 < 59.22 | 59.22 |
| netscaler | gateway | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | gateway | >= 14.1 < 47.48 | 47.48 |
No detection rules found.
No public exploits indexed.
Checkpoint
1st September – Threat Intelligence Report
blogs_checkpoint·2025-09-01
CVE-2025-55177 1st September – Threat Intelligence Report
## 1st September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of sensitive personal information for over 4.4 million individuals in the United States. The leaked data includes names, billing addresses, phone numbers, email addresses, dates of birth, unredacted Social Secur
Bleepingcomputer
Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
blogs_bleepingcomputer·2025-08-27·CVSS 9.2
CVE-2025-7775 [CRITICAL] Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
## Over 28,000 Citrix devices vulnerable to new exploited RCE flaw
## Bill Toulas
More than 28,200 Citrix instances are vulnerable to a critical remote code execution vulnerability tracked as CVE-2025-7775 that is already being exploited in the wild.
The vulnerability affects NetScaler ADC and NetScaler Gateway and the vendor addressed it in updates released yesterday.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Citrix, the security issue has been exploited as a zero-day vulnerability.
The versions affected by CVE-2025-7775 are 14.1 before 14.1-47.48, 13.1 before 13.1-59.22, 13.1-FIPS/NDcPP before 13.1-37.241-FIPS/NDcPP, and 12.1-FIPS/NDcPP up to 12.1-55.330-FIPS/NDcPP.
Citrix does not provide any mitigations or workarounds and urges admins to upg
Bleepingcomputer
Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
blogs_bleepingcomputer·2025-08-26·CVSS 9.2
CVE-2025-7775 [CRITICAL] Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
## Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
## Lawrence Abrams
Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was actively exploited in attacks as a zero-day vulnerability.
The CVE-2025-7775 flaw is a memory overflow bug that can lead to unauthenticated, remote code execution on vulnerable devices.
In an advisory released today, Citrix states that this flaw was observed being exploited in attacks on unpatched devices.
"As of August 26, 2025 Cloud Software Group has reason to believe that exploits of CVE-2025-7775 on unmitigated appliances have been observed, and strongly recommends customers to upgrade their NetScaler firmware to the versions containing the
Tenable
CVE-2025-7775 Citrix RCE Zero-day
blogs_tenable·2025-08-26·CVSS 9.2
[CRITICAL] CVE-2025-7775 Citrix RCE Zero-day
Recorded Future
August 2025 CVE Landscape
blogs_recorded_future·CVSS 8.8
[HIGH] August 2025 CVE Landscape
# August 2025 CVE Landscape
In August 2025, Recorded Future’s Insikt Group® identified eighteen high-impact vulnerabilities that should be prioritized for remediation. This represents a decrease from the 22 identified in July.
However, the number of Very Critical vulnerabilities has remained the same (16) compared to July. These vulnerabilities have affected the following vendors: Trend Micro, WinRAR, N-able, Cisco, Apple, Citrix, FreePBX, Git, Microsoft, D-Link, and Fortinet.
August was dominated by Citrix and D-Link flaws, which represented six of the eighteen vulnerabilities. Threat actors actively exploited Citrix NetScaler ADC, NetScaler Gateway, and Citrix Session Recording products, as well as D-Link DNR-322L and DCS-2530L routers.
Recorded Future Insikt Group’s CVE Findings fro
Wiz
CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-3055 [CRITICAL] CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3055: Citrix ADC VPX vulnerability analysis and mitigation
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Source: NVD
| Field | Value |
|---|---|
| Score | 9.3 |
| Published | March 23, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.3 |
| High-profile Vulnerability | Yes |
| Affected Technologies | Citrix ADC VPX, Citrix ADC CPX |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | Yes |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 97.5 |
| Exploitation Probability (EPSS) | 44.3 |
| Affected packages and libraries | cpe:2.3:a:citrix:netscaler_application_delivery_controller |
Sources
Linux Severity CRITICAL Has Fix Added at: Mar 24, 2026
Wiz
CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-4368 [CRITICAL] CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4368: Citrix ADC VPX vulnerability analysis and mitigation
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
Source: NVD
| Field | Value |
|---|---|
| Score | 7.7 |
| Published | March 23, 2026 |
| Severity | HIGH |
| CNA Score | 7.7 |
| Affected Technologies | Citrix ADC VPX, Citrix ADC CPX |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 4.2 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | cpe:2.3:a:citrix:netscaler_application_delivery_controller |
Sources
Linux Severity HIGH Has Fix Added at: Mar 24, 2026
Published 2025-08-26