# Over 28,000 Citrix Instances Remain Exposed to Critical RCE Flaw CVE-2025-7775
A recent vulnerability assessment by experts at the Shadowserver Foundation has revealed that over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to a critical Remote Code Execution (RCE) flaw, identified as CVE-2025-7775. This vulnerability is already under active exploitation, posing significant security risks to these devices.
The CVE-2025-7775 vulnerability is rated with a CVSS score of 9.2, indicating its high severity and potential impact. According to the Shadowserver Foundation researchers, this memory overflow vulnerability can lead to both RCE and Denial-of-Service (DoS) attacks, making it a critical security issue.
Citrix recently addressed three security flaws in its NetScaler ADC and NetScaler Gateway products: CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. The company specifically warned that one of them, CVE-2025-7775, is already under active exploitation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Citrix NetScaler flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to prioritize fixing the vulnerability by August 28, 2025.
## Geographic Breakdown of Affected Instances
According to Shadowserver Foundation researchers, most vulnerable instances are located in the United States (10,100), followed by Germany (4,300), the United Kingdom (1,400), the Netherlands (1,300), and Switzerland (1,300).
The discovery of this vulnerability highlights the importance of timely patching and proactive security measures to prevent exploitation. Organizations using Citrix NetScaler ADC/Gateway instances should prioritize fixing CVE-2025-7775 and the other vulnerabilities addressed alongside it.
## Stay Informed
For Citrix patch information and the geographic breakdown, see:
* [Citrix Patch Info](https://t.co/JXKj8E4KtA)
* [Geographic Breakdown Dashboard](https://t.co/5HfXP433y)