CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild
On August 26, Citrix published a security advisory for three vulnerabilities, including CVE-2025-7775, a zero-day vulnerability that has been exploited against its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances:

| CVE | Description | CVSSv4 |
| --- | --- | --- |
| CVE-2025-7775 | Citrix NetScaler ADC and Gateway Unauthenticated Remote Code Execution (RCE) and Denial of Service (DoS) Vulnerability | 9.2 |
| CVE-2025-7776 | Citrix NetScaler ADC and Gateway DoS Vulnerability | 8.8 |
| CVE-2025-8424 | Citrix NetScaler ADC and Gateway Improper Access Control Vulnerability | 8.7 |

CVE-2025-7775 is an RCE vulnerability affecting NetScaler ADC and Gateway appliances. An unauthenticated attacker could exploit this vulnerability to execute arbitrary code or cause a DoS condition on an affected device. According to the security advisory from Citrix, exploitation was observed before the advisory and patches were made public.

Citrix’s NetScaler ADC and Gateway appliances have been a valuable target for attackers over the last several years. Given the history of exploitation against NetScaler ADC and Gateway appliances, we strongly urge organizations to patch CVE-2025-7775 as soon as possible.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.