September 07, 2025

Citrix NetScaler Vulnerability – Actively Abused Zero-Day

 

In August 2025, Citrix confirmed several critical vulnerabilities (including CVE-2025-7775) in NetScaler ADC and Gateway. CVE-2025-7775 is a zero-day that attackers are already actively abusing. Tens of thousands of systems worldwide are vulnerable, including hundreds in the Netherlands. The severity is high: the National Cyber Security Center (NCSC) and CERT-EU warn that this vulnerability can lead directly to remote code execution, allowing attackers to gain complete control over corporate networks.

For Dutch organizations, from SMEs to government, this is not a distant problem. The affected systems often perform critical functions such as authentication (AAA), load balancing and remote access. Without a timely patch, companies risk data breaches, downtime and financial losses.

At ALTA-ICT, we help organizations with rapid patching, monitoring and compliance according to ISO27001, NEN7510 and BIO. In this blog you will read:

  • What CVE-2025-7775 is and why it is relevant to the Netherlands

  • How to effectively patch and mitigate the vulnerability

  • What challenges Dutch companies face

  • What the ROI is of good patch management and 24/7 monitoring

  • How the ALTA-ICT approach stands out

What is CVE-2025-7775 and why relevant for Dutch companies?

  • Definition: buffer overflow in NetScaler ADC/Gateway; misuse leads to RCE/DoS

  • Context: >21,500 vulnerable systems worldwide, of which 475 are in the Netherlands (source: Techzine)

  • Sector impact: healthcare (EHR access), financial (secure payments), government (DigiD integrations)

  • NCSC advisory: immediate patching, no mitigations available

  • Misconceptions: ‘Only large companies are targeted’ → SMEs also affected by automated scans

 

How do you patch CVE-2025-7775? Practical guide

Step 1 – Inventory

  • Determine which NetScaler version is running

  • Use Citrix/NetScaler tooling to detect vulnerability

Step 2 – Updating

  • Safe versions:

    • 14.1-47.48+

    • 13.1-59.22+

    • 13.1-37.241 (FIPS/NDcPP)

    • 12.1-55.330 (FIPS/NDcPP)

  • Cloud environments already patched, on-premise systems not

Step 3 – Configuration check

  • Gateway/AAA virtual servers

  • IPv6-bound LB servers

  • HDX-CR servers

Step 4 – Monitoring

  • Turn on IDS/IPS logging

  • Monitor 24/7 for abnormal behavior

Step 5 – Awareness

  • Train IT teams on incident response
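
Steps 1 and 2 can be scripted across an appliance inventory. The sketch below is an added example, not Citrix tooling or code from this article: it compares version banners against the fixed builds listed in Step 2. The banner format, the hostnames, the `fips` flag and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed builds from Step 2 of this article, keyed by (release, FIPS/NDcPP?).
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}

# Assumed banner shape, e.g. "NetScaler NS14.1: Build 47.46.nc, Date: ..."
BANNER_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def classify(banner, fips=False):
    """Return 'patched', 'needs-update', 'not-listed' or 'unparseable'."""
    match = BANNER_RE.search(banner)
    if match is None:
        return "unparseable"
    release = match.group(1)
    build = (int(match.group(2)), int(match.group(3)))
    minimum = FIXED_BUILDS.get((release, fips))
    if minimum is None:
        # The article names no fixed build for this train; do not guess.
        return "not-listed"
    # Integer tuples, so build 47.5 sorts below 47.48 (string compare would not).
    return "patched" if build >= minimum else "needs-update"


# Constructed inventory: (hostname, version banner, FIPS/NDcPP appliance?)
INVENTORY = [
    ("gw-01", "NetScaler NS14.1: Build 47.46.nc, Date: Jan 01 2025", False),
    ("gw-02", "NetScaler NS14.1: Build 47.5.nc, Date: Jan 01 2025", False),
    ("lb-01", "NetScaler NS13.1: Build 59.22.nc, Date: Jan 01 2025", False),
    ("lb-02", "NetScaler NS13.1: Build 37.241.nc, Date: Jan 01 2025", False),
    ("fips-01", "NetScaler NS13.1: Build 37.241.nc, Date: Jan 01 2025", True),
    ("fips-02", "NetScaler NS12.1: Build 55.329.nc, Date: Jan 01 2025", True),
    ("old-01", "NetScaler NS13.0: Build 92.31.nc, Date: Jan 01 2025", False),
    ("bad-01", "version unavailable", False),
]


def triage(inventory):
    """Map each host to its patch status; anything not 'patched' needs follow-up."""
    return {host: classify(banner, fips) for host, banner, fips in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:8} {status}")
```

A `not-listed` or `unparseable` result calls for a manual check against the vendor advisory and should not be treated as safe.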

 

Challenges for Dutch companies

  • Patch backlogs: limited capacity at SMEs

  • Compliance pressure: AVG/NEN7510 requires swift action

  • Shadow IT: unpatched test and dev environments

  • Downtime fear: patching without disruption

Solutions

  • Automated patch management

  • Redundancy plans for uptime (99.9% SLA)

  • Awareness training for employees

 

ROI of timely patch management

  • Average cost of a data breach in NL: €4.2 million (IBM 2025 report)

  • Average downtime without patch: 36 hours → revenue loss + reputational damage

  • With ALTA-ICT patching: 40% faster turnaround time

  • Compliance advantage: audit-ready within 72 hours

 

The ALTA-ICT approach

At ALTA-ICT, we offer:

  • ISO27001/NEN7510 certified patch and security management

  • 24/7 SOC monitoring from Dutch data centers

  • AVG/BIO compliance for healthcare, government and financial

  • Personalized approach for SMEs – cost-effective and without downtime

We combine tooling, human expertise and Dutch context.

FAQ

1. Has CVE-2025-7775 already been misused?
Yes, confirmed exploits in the wild.

2. Are there any workarounds available?
No, only patching works.

3. How do I know if my system is vulnerable?
Check your NetScaler version or use Citrix tooling.

4. Are cloud variants also vulnerable?
No, those are automatically patched.

5. Does ALTA-ICT provide assistance?
Yes, we do emergency scans and immediate patch management.

Conclusion

The NetScaler vulnerability CVE-2025-7775 shows once again how vulnerable Dutch companies are to zero-day attacks. With hundreds of unprotected systems in the Netherlands, immediate action is required. Only patching offers protection – and it must be done quickly.

At ALTA-ICT, we help companies not only with patching, but also with continuous monitoring, compliance and strategic IT security. In doing so, we reduce risks, minimize downtime and ensure a future-proof IT environment.

👉 Schedule a free consultation with our experts today.

Reference

¹https://www.linkedin.com/posts/altaict_altaict-cybersecurity-zeroday-activity-7366403790054363139-WuBo

²https://advisories.ncsc.nl/2025/ncsc-2025-0268-1.html
