The U.S. accounted for most of the unpatched Citrix NetScaler instances at over 10,000.
More than 28,200 Citrix NetScaler ADC and Gateway instances could be compromised in ongoing intrusions due to a critical memory overflow vulnerability.
Tracked as CVE-2025-7775, the vulnerability could result in denial-of-service or remote code execution, Security Affairs reports.
The U.S. accounted for most of the unpatched Citrix NetScaler instances at over 10,000, followed by Germany, the UK, the Netherlands, and Switzerland, according to the Shadowserver Foundation.
Such findings come as the Cybersecurity and Infrastructure Security Agency included the security issue in its Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the flaw.
Citrix has also addressed a pair of high-severity NetScaler ADC and Gateway bugs - including the memory overflow defect, tracked as CVE-2025-7776, which could be leveraged to enable DoS, and the improper access control issue, tracked as CVE-2025-8424, which could be harnessed to compromise the management interface.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
