NetScaler on Tuesday released security updates for vulnerabilities in its application delivery controller and remote-access tools as it warned that hackers were exploiting a critical memory overflow flaw.
Exploitation of the memory overflow vulnerability, tracked as CVE-2025-7775, which has a CVSS score of 9.2, could lead to denial of service and remote code execution if key conditions are met, NetScaler said in a blog post on Tuesday. The company strongly urged users to upgrade their software to the patched version.
Researchers at Horizon3.ai said each of the NetScaler flaws could lead to service disruption and potential compromise of a host system.
“We are, however, aware that active exploitation is occurring, with malicious actors abusing these vulnerabilities to create backdoors into affected systems, which can linger and allow access to persist, even after patches have been applied,” Jimi Sebree, senior security researcher at Horizon3.ai, told Cybersecurity Dive.
Researchers at Shadowserver Foundation said Wednesday that more than 28,000 instances of NetScaler remain unpatched and online, with the U.S. and Germany containing the most instances.
Shadowserver has not yet seen evidence of exploitation, but the Cybersecurity and Infrastructure Security Agency added the flaw to its Known Exploited Vulnerabilities Catalog.
Several conditions must be met before hackers can exploit the flaws. For example, NetScaler must be configured in Gateway mode or as an AAA virtual server.
That condition is similar to one present in the CitrixBleed and CitrixBleed 2 vulnerabilities, Rapid7 researchers observed.
NetScaler’s security updates also address CVE-2025-7776, a flaw that can lead to erroneous behavior or a denial of service, as well as CVE-2025-8424, a flaw involving improper control on the NetScaler Management Interface that could allow an attacker to gain unauthorized access to files.
NetScaler credited multiple researchers, including the companies Horizon3.ai and Schram & Partner GmbH, for disclosing the flaws.