heise PlusAbo
Anzeige

More than 28.000 Netscaler instances vulnerable to Citrix Bleed 3

IT researchers on Tuesday found more than 28.000 Netscaler instances worldwide vulnerable to Citrix Bleed 3.

listen Print view
Network cables in patch panels

(Image: asharkyu/Shutterstock.com)

2 min. read
Security
By

On Wednesday, it became known that vulnerabilities in Citrix's netscalers (ADC and gateways) are under attack, already dubbed"Citrix Bleed 3". The Shadowserver Foundation published figures on Wednesday showing that more than 28.000 systems worldwide were still vulnerable to the "Citrix Bleed 3" vulnerability on Tuesday. Attackers can presumably abuse the vulnerabilities.

The IT researchers at the Shadowserver Foundation have published their findings for Tuesday, August 26, 2025, on X. They counted more than 28,200 vulnerable instances for Citrix Bleed 3 (CVE-2025-7775), with the USA in first place with more than 10.000 systems and Germany in second place with more than 4.300 vulnerable netscalers.

The Citrix Netscaler systems are highly likely to be vulnerable to the vulnerabilities CVE-2025-7775 (CVSS4 9.2, risk"critical"), CVE-2025-7776 with CVSS 8.8 and risk"high" and CVE-2025-8424 (CVSS4 8.7, risk"high") reported on Wednesday. Updates for these have only been available since Tuesday of this week, which eliminate the security-relevant errors. Citrix cites the following restrictions for the vulnerability:

  • NetScaler must be configured as a gateway – this probably applies to the majority of devices,
  • or the NDcPP/FIPS-certified version must offer load balancing services for HTTP/QUIC in IPv6,
  • or NetScaler is configured as a virtual CR server (cache redirection) of type HDX.

Attacks are ongoing, install updates

IT managers should update their Netscaler systems quickly due to the ongoing attacks. The errors are corrected in the versions:

  • NetScaler ADC and NetScaler Gateway 14.1 14.1-47.48
  • NetScaler ADC and NetScaler Gateway 13.1 13.1-59.22
  • NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.241-FIPS and NDcPP
  • NetScaler ADC 12.1-FIPS and NDcPP 12.1-55.330-FIPS and NDcPP

as well as newer versions of the software.

Videos by heise

Admins can check if they are vulnerable by checking the "ns.conf" file on their Netscalers for the presence of vulnerability conditions. Citrix explains how IT managers can do this in the associated support article.

(dmk)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten