Citrix Netscaler 0-Day RCE Vulnerability Fixed – Vulnerable Instances Decrease from 28,200 to 12,400

A significant global effort to address a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has resulted in a dramatic reduction of exposed systems, dropping from approximately 28,200 to 12,400 within just one week. Data from The Shadowserver Foundation, a non-profit organisation focused on internet security, indicates a swift response from administrators worldwide, although thousands of devices remain at risk. The vulnerability, identified as CVE-2025-7775, impacts Citrix NetScaler Application Delivery Controllers (ADCs), which are essential components in numerous corporate networks. These devices are responsible for managing, securing, and optimising network traffic to web servers and applications, often handling sensitive user data and facilitating secure remote access. A zero-day RCE flaw is particularly critical as it enables attackers to execute arbitrary code on vulnerable systems remotely, potentially leading to full network compromise, data theft, or ransomware deployment.

According to scans conducted by Shadowserver, system administrators have been actively applying patches since the vulnerability was disclosed, resulting in a more than 56% reduction in vulnerable IP addresses connected to the internet. Analysis of patching rates reveals that Europe is leading the remediation efforts, demonstrating a faster decline in vulnerable systems compared to North America. While both continents have shown significant reductions, Europe’s patching trajectory has been slightly more aggressive. Other regions, including Asia, South America, Oceania, and Africa, are also engaged in patching but at a slower pace, leaving a larger percentage of their systems exposed. Despite the positive trend, over 12,000 systems remain unpatched, posing a substantial attack surface for malicious actors. Security experts urge all organisations using Citrix NetScaler products to promptly identify vulnerable instances within their networks and apply the necessary security updates. The ongoing exposure presents a significant risk not only to the affected organisations but also to the broader internet ecosystem. 

Categories: Cybersecurity, Vulnerability Management, Global Response 

Tags: Citrix, NetScaler, Vulnerability, RCE, CVE-2025-7775, Patch, Cybersecurity, Administrators, Internet, Exposure