Tens of thousands of systems worldwide remain vulnerable to a bug in Citrix NetScaler ADC and Gateway, despite an available patch and hackers already exploiting the vulnerability.
Tens of thousands of organizations worldwide are exposed to targeted attacks from cybercriminals because an update for Citrix NetScaler has not been installed. Earlier this week, Citrix released a patch for NetScaler ADC and NetScaler Gateway that fixes three bugs. One of them, CVE-2025-7775, is a critical vulnerability with a score of 9.2 that is currently being actively exploited.
Vulnerabilities Everywhere
The situation is most severe in the US. Shadowserver detects just over 10,000 vulnerable systems via the internet. The situation is also problematic in Germany, with 4,312 vulnerable systems.
In the Benelux, the situation is relatively better, though administrators there must also take action. Belgium has 307 discoverable and vulnerable systems, Luxembourg 150, and the Netherlands 1,297. Surprisingly, that is more than France (606) and almost as many as the UK (1,411).
Serious and Urgent
The figures show that while the majority of vulnerable Citrix NetScaler systems are in the US, many organizations in Europe could potentially face problems as well.
Hackers can use the bug in question to take environments down, but also to execute their own code. The memory overflow error can therefore serve as a vector for criminals to steal or destroy data.
As often happens, a high risk and an available patch do not guarantee that companies install that patch quickly enough. Administrators must do this themselves, since it is specifically on-premises installations that are vulnerable.
