CVE-2025-6543
Citrix · Citrix NetScaler ADC and Gateway
Executive summary
A critical, actively exploited buffer overflow vulnerability in Citrix NetScaler ADC and Gateway allows an unauthenticated attacker to execute arbitrary code, leading to a complete system compromise.
Vulnerability
This vulnerability is a buffer overflow within the Citrix NetScaler ADC and Gateway products. An unauthenticated, remote attacker can send a specially crafted request to a vulnerable device to trigger the overflow, which can lead to arbitrary code execution.
Business impact
The successful exploitation of this vulnerability would result in a complete compromise of the affected gateway device. This allows an attacker to gain a foothold in the network, intercept traffic, exfiltrate sensitive data, and pivot to internal systems. The assigned CVSS score of 9.5 (Critical) and its inclusion in the CISA KEV catalog underscore the extreme risk and confirmed exploitation by threat actors.
Remediation
Immediate Action: Per CISA's Binding Operational Directive (BOD) 22-01, federal agencies must apply vendor mitigations by the July 20, 2025 deadline. All organizations are strongly urged to apply vendor-supplied patches or mitigations immediately.
Proactive Monitoring: Review system logs for unexpected reboots, anomalous traffic patterns, or unrecognized processes running on the appliance. Monitor network traffic for any suspicious outbound connections from the NetScaler devices.
Compensating Controls: If patching is not immediately possible, restrict access to the appliance from untrusted IP addresses. Deploy a Web Application Firewall (WAF) with rules designed to detect and block buffer overflow exploitation attempts.
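The two checks named under Proactive Monitoring (unexpected reboots and outbound connections from the appliance), written out as an added example that is not from this advisory or from Citrix. It assumes uptime samples and flow records are already being collected by other tooling; the tuple formats, addresses, times and function names are constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

def unexpected_reboots(polls, windows):
    """polls: time-ordered (poll_time, uptime_seconds) samples for one appliance.
    Returns boot times that fall outside every approved (start, end) window."""
    found = []
    for (_, prev_up), (t, up) in zip(polls, polls[1:]):
        if up < prev_up:  # uptime counter went backwards: the device restarted
            boot = t - timedelta(seconds=up)
            if not any(start <= boot <= end for start, end in windows):
                found.append(boot)
    return found

def suspicious_outbound(flows, appliance_ips, allowed_nets):
    """flows: (src, dst, dst_port) tuples. Returns flows initiated by the
    appliance toward destinations outside the allow-listed networks."""
    nets = [ip_network(n) for n in allowed_nets]
    return [f for f in flows
            if f[0] in appliance_ips
            and not any(ip_address(f[1]) in n for n in nets)]

# Constructed sample data (documentation address ranges, invented times).
POLLS = [
    (datetime(2025, 7, 1, 2, 0), 864000),
    (datetime(2025, 7, 1, 2, 5), 864300),
    (datetime(2025, 7, 1, 2, 10), 120),   # restarted at 02:08
    (datetime(2025, 7, 1, 2, 15), 420),
]
WINDOWS = [(datetime(2025, 7, 5, 1, 0), datetime(2025, 7, 5, 3, 0))]
FLOWS = [
    ("192.0.2.10", "10.20.0.5", 443),      # appliance -> internal backend
    ("192.0.2.10", "203.0.113.77", 8443),  # appliance -> unknown external host
    ("198.51.100.4", "192.0.2.10", 443),   # inbound client, not appliance-initiated
]

if __name__ == "__main__":
    print(unexpected_reboots(POLLS, WINDOWS))
    print(suspicious_outbound(FLOWS, {"192.0.2.10"}, ["10.0.0.0/8"]))
```

A reboot inside an approved maintenance window is not reported, so the window list has to be kept current for the first check to stay meaningful.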
Exploitation status
Public Exploit Available: Confirmed Active Exploitation
Analyst recommendation
Given the critical severity, confirmed active exploitation, and the strategic network position of the affected products, this vulnerability poses a severe and immediate threat. We strongly recommend that all organizations prioritize the immediate application of vendor-supplied mitigations to all affected Citrix instances. Failure to act swiftly may result in a significant security breach.