{"id":6540,"date":"2025-08-30T10:06:02","date_gmt":"2025-08-30T10:06:02","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/08\/30\/citrix-netscaler-0-day-rce-vulnerability-patched-vulnerable-instances-reduced-from-28-2k-to-12-4k\/"},"modified":"2025-08-30T10:06:02","modified_gmt":"2025-08-30T10:06:02","slug":"citrix-netscaler-0-day-rce-vulnerability-patched-vulnerable-instances-reduced-from-28-2k-to-12-4k","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/08\/30\/citrix-netscaler-0-day-rce-vulnerability-patched-vulnerable-instances-reduced-from-28-2k-to-12-4k\/","title":{"rendered":"Citrix Netscaler 0-day RCE Vulnerability Patched \u2013 Vulnerable Instances Reduced from 28.2K to 12.4K"},"content":{"rendered":"<p>    Citrix Netscaler 0-day RCE Vulnerability Patched \u2013 Vulnerable Instances Reduced from 28.2K to 12.4K<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the number of exposed systems drop from approximately 28,200 to 12,400 in just one week.<\/p>\n<p>Data from The Shadowserver Foundation, a non-profit dedicated to internet security, reveals a rapid response from administrators worldwide, though thousands of devices remain at risk.<\/p>\n<p>The vulnerability, tracked as <a href=\"https:\/\/cybersecuritynews.com\/citrix-netscaler-adc-and-gateway-0-day\/\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-7775<\/a>, affects Citrix NetScaler Application Delivery Controllers (ADCs), which are crucial components in many corporate networks. These devices manage, secure, and optimize network traffic to web servers and applications, often handling sensitive user data and providing secure remote access.<\/p>\n<p>A zero-day RCE flaw like this one is considered highly critical because it allows attackers to execute arbitrary code on a vulnerable system remotely, potentially leading to a full network compromise, data theft, or the deployment of ransomware.<\/p>\n<p>According to scans conducted by Shadowserver, system administrators have been diligently applying patches since the vulnerability was made public. The number of vulnerable IP addresses connected to the internet has been cut by more than 56% in a matter of days.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Citrix NetScaler CVE-2025-7775 patch rate as seen in our scans: <a href=\"https:\/\/t.co\/w1lq5JT0s1\">https:\/\/t.co\/w1lq5JT0s1<\/a><a href=\"https:\/\/t.co\/7Y0KORd06n\">https:\/\/t.co\/7Y0KORd06n<\/a><\/p>\n<p>Now down from 28.2K to 12.4K. Europe patching at a faster rate than North America \u2026<\/p>\n<p>(you can toggle overlapping\/stacked time series on our Dashboard to compare) <a href=\"https:\/\/t.co\/JrygvKOrn7\">https:\/\/t.co\/JrygvKOrn7<\/a> <a href=\"https:\/\/t.co\/o3Vtmek5I0\">pic.twitter.com\/o3Vtmek5I0<\/a><\/p>\n<p>\u2014 The Shadowserver Foundation (@Shadowserver) <a href=\"https:\/\/twitter.com\/Shadowserver\/status\/1961415605728231499?ref_src=twsrc%5Etfw\">August 29, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/div>\n<\/figure>\n<p>Analysis of the patching rates by region shows that Europe is leading the remediation efforts, demonstrating a faster decline in vulnerable systems compared to North America.<\/p>\n<p>While both continents have shown a steep reduction in exposed devices, Europe\u2019s patching trajectory has been slightly more aggressive. Other regions, including Asia, South America, Oceania, and Africa, are also patching but at a noticeably slower pace, leaving a larger percentage of their systems exposed.<\/p>\n<p>Despite the positive trend, the work is far from over. With over 12,000 systems still unpatched, the attack surface for malicious actors remains substantial.<\/p>\n<p>Security experts urge all organizations using Citrix NetScaler products to identify vulnerable instances within their networks and apply the necessary security updates immediately. The continued exposure poses a significant risk not only to the affected organizations but to the internet ecosystem as a whole.<\/p>\n<p>The rapid initial response highlights the cybersecurity community\u2019s ability to react to threats, but the remaining vulnerable systems underscore the ongoing challenge of global patch management.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 89%,rgb(169,184,195) 100%)\"><strong>Find this Story Interesting! Follow us on\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>\u00a0and\u00a0<a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/citrix-netscaler-0-day-rce\/\">Citrix Netscaler 0-day RCE Vulnerability Patched \u2013 Vulnerable Instances Reduced from 28.2K to 12.4K<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Guru Baran<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/citrix-netscaler-0-day-rce\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Citrix Netscaler 0-day RCE Vulnerability Patched \u2013 Vulnerable Instances Reduced from 28.2K to 12.4K A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the number of exposed systems drop from approximately 28,200 to 12,400 in just one week. Data from The Shadowserver Foundation, a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-6540","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6540"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=6540"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6540\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=6540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=6540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=6540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}