Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation.Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to the vulnerability CVE-2025-7775, which is under active exploitation.CVE-2025-7775 (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service. This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild.“Exploits of CVE-2025-7775 on unmitigated appliances have been observed.” reads the advisory.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Citrix NetScaler flaw to its Known Exploited Vulnerabilities (KEV) catalog. The US Agency orders federal agencies to fix the vulnerabilities by August 28, 2025.Shadowserver Foundation researchers reported that most of the vulnerable instances are located in the United States (10,100), followed by Germany (4,300), the United Kingdom (1,400), the Netherlands (1,300), and Switzerland (1,300).ALERT: On 2025-08-26 over 28.2K Citrix instances were unpatched to CVE-2025-7775 RCE. There is exploitation in the wild confirmed by @CISACyber KEV.Patch info from Citrix: https://t.co/JXKj8E4KtATop affected: US, GermanyDashboard geo breakdown: https://t.co/5HfXP433yz pic.twitter.com/5Ipe3iBQq8— The Shadowserver Foundation (@Shadowserver) August 27, 2025Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, CVE-2025-7775)