
Post: Citrix Patches Three Zero Days as One Sees Active Exploitation - Against Invaders - CyberSecurity News for humans.


<div> <div> <div> <div data-edit-folder-name="text" data-index="0" data-layout-id="2" id="layout-cf74f374-f7fe-4c17-b873-b16222526991">
<p>Citrix has released patches for three zero-day vulnerabilities in NetScaler ADC and NetScaler Gateway, one of which was already being exploited by attackers.</p>
<p>The flaws, tracked as CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424, are two memory overflow vulnerabilities and an improper access control flaw in the NetScaler Management Interface.</p>
<p>All three are considered critical vulnerabilities, with CVSS severity ratings of 9.2, 8.8 and 8.7, respectively.</p>
<p>The following systems are affected by all three vulnerabilities:</p>
<ul>
<li>NetScaler ADC and NetScaler Gateway 14.1 before 14.1-47.48</li>
<li>NetScaler ADC and NetScaler Gateway 13.1 before 13.1-59.22</li>
<li>NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.241-FIPS and NDcPP</li>
<li>NetScaler ADC 12.1-FIPS and NDcPP before 12.1-55.330-FIPS and NDcPP</li>
</ul>
<p>Secure Private Access on-prem and Secure Private Access Hybrid deployments that use NetScaler instances are also affected by the vulnerabilities.</p>
<p>In <a href="https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&amp;articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424" target="_blank">an August 26 advisory</a>, Citrix indicated that CVE-2025-7775 had been observed being exploited in the wild on &ldquo;unmitigated appliances.&rdquo;</p>
<p>According to independent security researcher Kevin Beaumont, exploit campaigns began before Citrix made the patches available.</p>
<p>He <a href="https://cyberplace.social/@GossiTheDog/115095063936712306" target="_blank">stated</a> that CVE-2025-7775, which he dubbed &lsquo;CitrixDeelb,&rsquo; is &ldquo;the main problem, [with] pre-authentication remote code execution (RCE) being used to drop webshells to backdoor organizations.&rdquo;</p>
<p>Based on initial internet scanning for hosts vulnerable to CVE-2025-7775, Beaumont said he found that 84% of affected appliances were still vulnerable as of August 26.</p>
<h2><strong>Customers Urged to Patch Vulnerable Appliances</strong></h2>
<p>Citrix urged users to upgrade to one of the following patched versions:</p>
<ul>
<li>NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases</li>
<li>NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1</li>
<li>NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases of 13.1-FIPS and 13.1-NDcPP</li>
<li>NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases of 12.1-FIPS and 12.1-NDcPP</li>
</ul>
<p>No workaround other than upgrading is available to mitigate exploitation of any of these vulnerabilities.</p>
<p>The software developer also noted that NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now end-of-life (EOL) and no longer supported.</p>
<p>&ldquo;Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities,&rdquo; the Citrix advisory added.</p>
<h2><strong>Patching Is Not Enough, Experts Said</strong></h2>
<p>Simply applying patches without further investigation of potential compromise is not sufficient, warned Benjamin Harris, CEO of watchTowr.</p>
<p>&ldquo;Patching is critical, but patching alone won&rsquo;t cut it. Unless organizations urgently review for signs of prior compromise and deployed backdoors, attackers will still be inside. Those that only patch will remain exposed,&rdquo; he said.</p>
<p>Caitlin Condon, VP of security research at VulnCheck, argued that the exploit campaigns are likely the work of sophisticated threat actors and hinted at the involvement of nation-state groups.</p>
<p>&ldquo;Memory corruption vulnerabilities like CVE-2025-7775 and CVE-2025-7776 can be tricky to exploit and on the whole tend to be used by state-sponsored or other skilled adversaries in targeted attacks rather than leveraged by commodity attackers broadly,&rdquo; she said.</p>
<p>VulnCheck&rsquo;s research has identified that another recent Citrix NetScaler vulnerability, CVE-2025-6543, which affects a narrower set of configurations, shares a nearly identical description with CVE-2025-7775. However, CVE-2025-6543 has not been exploited at scale despite its inclusion on VulnCheck&rsquo;s Known Exploited Vulnerabilities (KEV) list since June 25, according to the firm.</p>
<p>While Citrix&rsquo;s advisory explicitly confirms active exploitation only for CVE-2025-7775, VulnCheck&rsquo;s Condon warned that &ldquo;management interfaces for firewalls and security gateways have been targeted en masse in recent campaigns.&rdquo;</p>
<p>She emphasized the risk of future exploit chains combining an initial access flaw like CVE-2025-7775 with a secondary vulnerability such as CVE-2025-8424, with the ultimate goal of compromising management interfaces.</p>
<p>Condon urged organizations to prioritize patching CVE-2025-8424, cautioning that &ldquo;vulnerability response shouldn&rsquo;t focus solely on higher-severity memory corruption CVEs &ndash; some of which are harder to exploit &ndash; at the expense of more operationally critical flaws.&rdquo;</p>
</div> </div> </div></div>
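As a worked example added here (not code from the article, from Citrix or from the researchers quoted), the following Python script turns the affected and fixed builds listed above into a triage check for an appliance inventory: it classifies each NetScaler build string as patched, vulnerable, end-of-life or not covered by the advisory, so the unpatched hosts that still need an upgrade and a compromise review can be listed. It assumes that NetScaler reports its version as branch-build strings of the form the article prints (for example 14.1-47.48 or 13.1-37.241-FIPS) and that the FIPS and NDcPP variants share one fixed build, as the advisory lists them; the hostnames and inventory lines are constructed sample data.

```python
import re
from dataclasses import dataclass

# Fixed builds as listed in the Citrix advisory quoted above, keyed by
# (release branch, variant). "FIPS/NDcPP" covers both hardened variants,
# which the advisory lists with a single fixed build.
FIXED_BUILDS = {
    ("14.1", "STANDARD"): (47, 48),
    ("13.1", "STANDARD"): (59, 22),
    ("13.1", "FIPS/NDcPP"): (37, 241),
    ("12.1", "FIPS/NDcPP"): (55, 330),
}

# Branches the article reports as end-of-life: no fixed build will be issued,
# so the only remediation is moving to a supported branch.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed version-string layout: <major>.<minor>-<build>.<sub>[-FIPS|-NDcPP]
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE
)


@dataclass(frozen=True)
class NetScalerVersion:
    branch: str    # "14.1", "13.1", ...
    build: tuple   # (47, 48); compared numerically, not as strings
    variant: str   # "STANDARD" or "FIPS/NDcPP"


def parse_version(text: str) -> NetScalerVersion:
    """Parse a NetScaler build string; raise ValueError if it does not match."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    major, minor, build, sub, suffix = m.groups()
    variant = "FIPS/NDcPP" if suffix else "STANDARD"
    return NetScalerVersion(f"{major}.{minor}", (int(build), int(sub)), variant)


def assess(text: str) -> str:
    """Classify one build string against the advisory's fixed builds.

    Returns "patched", "vulnerable", "end-of-life" or "not-in-advisory".
    """
    v = parse_version(text)
    fixed = FIXED_BUILDS.get((v.branch, v.variant))
    if fixed is not None:
        # Tuple comparison orders (47, 48) < (47, 49) < (50, 1) correctly,
        # which a plain string comparison of "47.48" and "50.1" would not.
        return "patched" if v.build >= fixed else "vulnerable"
    if v.branch in EOL_BRANCHES:
        return "end-of-life"
    return "not-in-advisory"


def triage(inventory):
    """Map each (hostname, version) pair to its status; unparsable entries
    are reported as "unparsable" rather than aborting the whole run."""
    results = {}
    for host, version in inventory:
        try:
            results[host] = assess(version)
        except ValueError:
            results[host] = "unparsable"
    return results


def needs_action(results):
    """Hosts that still require an upgrade or a manual look."""
    return sorted(host for host, status in results.items() if status != "patched")


# Constructed sample inventory: hostnames and builds are made up for this example.
SAMPLE_INVENTORY = [
    ("gw-01.example.test", "14.1-47.48"),
    ("gw-02.example.test", "14.1-43.50"),
    ("adc-fips-01.example.test", "13.1-37.241-FIPS"),
    ("adc-fips-02.example.test", "12.1-55.329-NDcPP"),
    ("legacy-01.example.test", "13.0-92.21"),
    ("odd-01.example.test", "build unknown"),
]

if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for host, status in report.items():
        print(f"{host:28} {status}")
    print("needs action:", ", ".join(needs_action(report)))
```

A build that carries no variant suffix is compared against the standard-branch fixed build, so a FIPS appliance whose inventory record dropped the suffix would be flagged as vulnerable rather than silently passed; that is the safer direction for a triage list, and a host marked end-of-life or unparsable belongs on the same list as the vulnerable ones until someone has looked at it.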