Businesses must urgently address the vulnerabilities found in the Citrix software.
In a recent development, Conor Agnew, head of compliance at Closed Door Security, has highlighted a new set of flaws in Citrix's NetScaler ADC and NetScaler Gateway products. These vulnerabilities come as an unwelcome addition to the growing list of issues documented in these products.
The disclosed vulnerabilities include CVE-2025-7775 and CVE-2025-7776, both memory corruption vulnerabilities. Flaws of this class are typically exploited by state-sponsored or highly skilled adversaries in targeted attacks. CVE-2025-7775 is a memory overflow vulnerability leading to remote code execution and/or denial of service, with a CVSS score of 9.2. CVE-2025-7776 is a memory overflow vulnerability that leads to unpredictable or erroneous behaviour and DDoS, with a CVSS score of 8.8.
Moreover, CVE-2025-8424 allows improper access control on the NetScaler Management Interface, with a CVSS score of 8.7. Exploit chains targeting these vulnerabilities may combine an initial access flaw such as CVE-2025-7775 with a flaw such as CVE-2025-8424 to compromise the management interface. Together, the flaws could allow attackers to carry out denial-of-service (DoS) attacks, access sensitive data, and potentially take control of affected systems.
Citrix, the vendor of the NetScaler Application Delivery Controller and NetScaler Gateway products and the party responsible for disclosing and patching these vulnerabilities, has already released fixes for all of them. Customers are advised to install the updated versions of NetScaler ADC and NetScaler Gateway as soon as possible.
It is also crucial for companies and governments to keep all software up to date and to move off outdated and unsupported systems. Unsupported and end-of-life versions are believed to account for as many as one in five NetScaler ADC and NetScaler Gateway installations. Companies should reach out to their vendors for guidance and consult on best practices, especially if they are still running unsupported platforms.
The industry also welcomes the NCSC's new Vulnerability Research Initiative. It is essential for companies to prioritise cybersecurity and take necessary measures to protect their systems from such vulnerabilities.
Lastly, it is worth noting that management interfaces for firewalls and security gateways have been targeted in recent threat campaigns. Even tools used by developers, such as MCP servers, are riddled with vulnerabilities. Companies are encouraged to work with Citrix to avoid costly hardware replacement while ensuring they are running the latest and most secure versions of their software.