Citrix ADC and Gateway zero-day actively exploited in attacks

Citrix today is alerting customers to a critical-severity vulnerability in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "strongly urges" them to install updated versions without delay.
Formerly Citrix ADC and Citrix Gateway, the two NetScaler products received new versions today to mitigate a set of three vulnerabilities.
The company notes that NetScaler ADC and NetScaler Gateway version 12.1 have reached the end-of-life stage and customers should upgrade to a newer variant of the product.
In the first week of July, someone advertised a zero-day vulnerability for Citrix ADC on a hacker forum. The details are too few to definitively link it to today's Citrix security bulletin, but the few clues available appear to point to it.
The author of the post said on July 6 that they had a remote code execution zero-day that allegedly worked for versions of Citrix ADC up to 13.1 build 48.47.
At the time of writing, technical details about all three vulnerabilities are not publicly available, but organizations with NetScaler ADC and Gateway appliances should prioritize updating them.