New Vulnerabilities Added to CISA’s KEV List
On August 25, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include two vulnerabilities affecting Citrix software. Both are rated with a medium severity score of 5.1 and were patched back in November 2024. The vulnerabilities listed are:
- CVE-2024-8069: A vulnerability concerning deserialization of untrusted data in Citrix Session Recording.
- CVE-2024-8068: An issue related to improper privilege management within Citrix Session Recording.
In line with its standard practices, CISA did not divulge specifics on how these vulnerabilities are being exploited in the wild. Additionally, another vulnerability, CVE-2025-48384, rated at a severity level of 8.0, was also added for its association with Git Link Following.
Active Exploitation of New NetScaler Vulnerability
Citrix released an urgent bulletin on August 26, notifying users about an actively exploited zero-day vulnerability affecting the NetScaler ADC and NetScaler Gateway, marking the third vulnerability within this product to face exploitation in just two months. The vulnerabilities disclosed are:
- CVE-2025-7775
- CVE-2025-7776
- CVE-2025-8424
Among these, CVE-2025-7775 has already been observed being exploited to deploy web shells, which give attackers backdoor access to compromised systems, according to security researcher Kevin Beaumont. This vulnerability, with a severity rating of 9.2, enables Remote Code Execution or Denial of Service when specific configurations of the NetScaler product are applied.
CVE-2025-7776 has a severity score of 8.8 and leads to unpredictable behavior and Denial of Service, while CVE-2025-8424, rated at 8.7, pertains to improper access controls on the NetScaler Management Interface. This highlights the urgent need for affected users to install updates immediately.
Essential Updates Available
Citrix encourages customers using the NetScaler ADC and NetScaler Gateway to promptly upgrade to the latest patched versions. The recommended updates include:
- NetScaler ADC and NetScaler Gateway version 14.1-47.48 and later
- NetScaler ADC and NetScaler Gateway version 13.1-59.22 and later
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later
It is vital to note that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 have reached their End of Life (EOL) and are no longer supported by Citrix. Customers using these older versions are strongly encouraged to migrate to a supported version to bolster their security.
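The version list above is easy to misread under pressure: a 13.1 build number below 59.22 is vulnerable on the standard edition but may be fully patched on FIPS/NDcPP, and a 12.1 or 13.0 standard build is End of Life no matter how recent it is. The following is an added example, not code from the Citrix bulletin or from CISA, that encodes the fixed builds and EOL branches exactly as this page lists them and classifies a NetScaler version string against them. The `edition` parameter is an assumption of this example (the caller must say whether a box is standard, FIPS or NDcPP), as is the second accepted input shape, `NetScaler NSxx.y: Build a.b.nc`, which is assumed to match what `show version` prints.

```python
import re

# Fixed builds named in the Citrix bulletin, keyed by (release branch, edition).
# The edition key is this example's own convention; the version string alone
# does not reliably tell a standard 13.1 build from a 13.1-FIPS build.
FIXED_BUILDS = {
    ("14.1", "standard"): (47, 48),
    ("13.1", "standard"): (59, 22),
    ("13.1", "fips"): (37, 241),
    ("13.1", "ndcpp"): (37, 241),
    ("12.1", "fips"): (55, 330),
    ("12.1", "ndcpp"): (55, 330),
}

# Standard-edition branches the bulletin says are End of Life: no fix will ship.
EOL_BRANCHES = {("12.1", "standard"), ("13.0", "standard")}

# Two input shapes: the "14.1-47.48" form used in advisories, and the
# "NetScaler NS14.1: Build 47.48.nc" form assumed here for `show version` output.
ADVISORY_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")
SHOWVER_RE = re.compile(r"NS(\d+)\.(\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, (build, sub)) or None if the string is not a version."""
    text = text.strip()
    m = ADVISORY_RE.match(text) or SHOWVER_RE.search(text)
    if not m:
        return None
    major, minor, build, sub = (int(x) for x in m.groups())
    return f"{major}.{minor}", (build, sub)


def assess(version, edition="standard"):
    """Classify one NetScaler version against the fixed builds on this page.

    Returns one of: "patched", "vulnerable", "end-of-life",
    "unknown-branch" (a branch the bulletin does not list) or "unparseable".
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    branch, build = parsed
    key = (branch, edition.lower())
    if key in EOL_BRANCHES:
        return "end-of-life"
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        return "unknown-branch"
    # Tuple comparison orders (build, sub) numerically, so 47.48 >= 47.48 and
    # 48.1 > 47.48, while 47.9 < 47.48 is handled correctly (not as strings).
    return "patched" if build >= fixed else "vulnerable"


def assess_inventory(inventory):
    """Map hostname -> status for an iterable of (host, version, edition)."""
    return {host: assess(version, edition) for host, version, edition in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are made up.
    sample = [
        ("gw-dmz-01", "14.1-47.46", "standard"),
        ("gw-dmz-02", "NetScaler NS14.1: Build 47.48.nc", "standard"),
        ("adc-core-01", "13.1-37.241", "fips"),
        ("adc-core-02", "13.1-37.241", "standard"),
        ("adc-legacy-01", "12.1-55.330", "standard"),
    ]
    for host, status in assess_inventory(sample).items():
        print(f"{host:<14} {status}")
```

The two `adc-core` entries are the case worth noticing: the same build string, 13.1-37.241, is patched on a FIPS appliance and vulnerable on a standard one, because the standard 13.1 fix is 59.22. A script that compared build numbers without knowing the edition would get one of those two hosts wrong.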
Ongoing Threat Landscape
The vulnerabilities in NetScaler ADC and Gateway have attracted hacker interest in prior months as well. On June 30, CISA included CVE-2025-6543 in the KEV catalog, followed by CVE-2025-5777 on July 10. The latter, which has been informally dubbed “Citrix Bleed 2,” bears resemblance to the earlier “Citrix Bleed” vulnerability identified in 2023 (CVE-2023-4966).
CVE-2025-5777, with a severity score of 9.3, is an Out-of-bounds Read vulnerability that was reportedly exploited starting June 23, prior to the public proof of concept being released on July 4 and its eventual addition to the KEV catalog.
As the threat landscape continues to evolve, organizations utilizing Citrix products must remain vigilant and responsive to incoming vulnerabilities that may compromise their systems. Ensuring timely updates and employing best security practices is vital for maintaining a robust defense against cyber threats.