The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after detecting active exploitation of a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices.
Designated CVE-2025-7775, the flaw stems from a memory overflow in NetScaler’s traffic management subsystem and was recently added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Evidence indicates that sophisticated threat actors are leveraging this vulnerability in targeted intrusions against both public-sector and private-sector enterprises.
Binding Operational Directive (BOD) 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities,” requires all Federal Civilian Executive Branch (FCEB) agencies to remediate any vulnerability listed in the KEV Catalog by the specified deadline.
Although this directive legally binds only FCEB agencies, CISA strongly urges every organization—regardless of sector—to prioritize patching CVE-2025-7775 and other KEV Catalog entries to minimize the risk of breach, data loss, or lateral movement by malicious actors.
Analysts warn that NetScaler appliances are often deployed at enterprise perimeters to handle SSL/TLS decryption, load balancing, and web application firewall functions.
A successful RCE exploit could allow an adversary to bypass multiple layers of defense, execute arbitrary commands with SYSTEM-level privileges, and establish a persistent foothold.
Given the ubiquity of Citrix NetScaler in government, healthcare, finance, and critical infrastructure environments, the risk profile is exceedingly high.
CISA has provided both detection signatures and recommended mitigation steps. Agencies and organizations are directed to:
- Immediately apply the latest Citrix NetScaler firmware update that addresses CVE-2025-7775.
- Employ network-level segmentation to isolate management interfaces from untrusted networks.
- Monitor for Indicators of Compromise (IOCs) and anomalous process executions on NetScaler hosts.
- Review audit logs for unexpected administrative actions or configurations.
CISA will continue to update its KEV Catalog as more vulnerabilities meet the criteria for inclusion—namely, documented proof of exploitation in the wild and significant risk to federal systems.
For details on BOD 22-01 requirements, remediation timelines, and the catalog’s living list of CVEs, refer to the BOD 22-01 Fact Sheet and CISA’s KEV Catalog portal.
The following table summarizes the critical details of the newly added vulnerability:
| CVE ID | Vulnerability Description | Affected Product | Severity | Remediation Deadline |
| --- | --- | --- | --- | --- |
| CVE-2025-7775 | Citrix NetScaler Memory Overflow RCE Vulnerability | Citrix NetScaler ADC | Critical | September 30, 2025 (FCEB) |
Timely remediation of CVE-2025-7775 is the single most effective step to avert potential compromise via this zero-day flaw.
CISA reiterates that even organizations outside the federal sphere should treat KEV Catalog entries as a priority in their vulnerability management programs.
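One way to fold KEV deadlines into a vulnerability management workflow, as an added example that is not part of the CISA advisory or this article: the script matches an asset inventory against KEV-style entries and ranks open findings by days remaining. The field names `cveID`, `vendorProject`, `product` and `dueDate` follow the public KEV JSON feed; the sample entries, the inventory layout and the `triage` helper are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the KEV feed's layout. The first dueDate is the FCEB
# deadline from the table above; the second entry is a labelled placeholder.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-7775", "vendorProject": "Citrix",
   "product": "NetScaler ADC", "dueDate": "2025-09-30"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "product": "ExampleVPN", "dueDate": "2025-09-15"}
]}
""")

# Hypothetical inventory: one record per appliance, with CVEs already patched.
INVENTORY = [
    {"host": "ns-edge-01", "vendor": "Citrix", "product": "NetScaler ADC",
     "remediated": set()},
    {"host": "ns-edge-02", "vendor": "Citrix", "product": "NetScaler ADC",
     "remediated": {"CVE-2025-7775"}},
    {"host": "web-01", "vendor": "OtherVendor", "product": "OtherProxy",
     "remediated": set()},
]

def triage(kev, inventory, today):
    """Return open KEV findings for the inventory, most urgent first."""
    findings = []
    for vuln in kev["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            # Coarse vendor/product match; a real check also compares the
            # installed build against the vendor's fixed versions.
            same_product = (
                asset["vendor"].lower() == vuln["vendorProject"].lower()
                and vuln["product"].lower() in asset["product"].lower()
            )
            if not same_product or vuln["cveID"] in asset["remediated"]:
                continue
            days_left = (due - today).days
            findings.append({
                "host": asset["host"], "cve": vuln["cveID"],
                "due": due.isoformat(), "days_left": days_left,
                "status": "OVERDUE" if days_left < 0 else "OPEN",
            })
    return sorted(findings, key=lambda f: f["days_left"])

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date.today()):
        print(f"{f['status']:8} {f['host']:12} {f['cve']} due {f['due']}")
```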
The agency will keep stakeholders informed of new catalog additions and evolving threat tactics.
This advisory and supporting materials are provided under CISA’s standard Notification and Privacy & Use policies. For ongoing updates, sign up for CISA alerts and regularly review the KEV Catalog for emerging threats.