More than 28,200 Citrix instances worldwide are currently vulnerable to a critical remote code execution flaw, CVE-2025-7775, which security officials warn is actively exploited in the wild. The affected devices primarily include NetScaler ADC and NetScaler Gateway, with the greatest concentration of vulnerabilities found in the United States, followed by Germany, the UK, and Australia.
Citrix has released firmware updates addressing the issue but has not provided any other mitigations or workarounds, urging administrators to urgently upgrade to secure releases. The flaw impacts systems configured as Gateway/AAA virtual servers and various load balancer setups bound to IPv6 or DBS IPv6 services, placing these critical business networks at immediate risk. Compounding the urgency, federal agencies have been ordered to patch or discontinue use of impacted products by August 28, highlighting the severity and widespread threat posed by the zero-day vulnerability.