The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-7775, a critical remote code execution (RCE) vulnerability affecting multiple versions of Citrix NetScaler products, to its Known Exploited Vulnerabilities catalog. The zero-day flaw is under active exploitation, and over 28,000 Citrix devices remain vulnerable. Citrix has issued a security bulletin urging users to apply the patch without delay to mitigate the risk. CISA has also added three non-critical bugs to the catalog: two related to previously patched Citrix flaws and one involving malicious Git repositories. Separately, CISA issued an advisory warning that Siemens Desigo CC and SENTRON Powermanager industrial control systems are affected by a third-party privilege escalation vulnerability.
Citrix and cybersecurity researchers warn a critical, zero-day vulnerability affecting multiple versions of Citrix NetScaler products is under active exploitation. Citrix issued a security bulletin about the vulnerability — CVE-2025-7775 — and urged customers on affected versions https://t.co/vbLga460EA
Over 28,000 Citrix instances remain exposed to critical RCE flaw CVE-2025-7775: https://t.co/gFDfeCll5P by Security Affairs #infosec #cybersecurity #technology #news
U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog: https://t.co/xQjZKiQW2X by Security Affairs #infosec #cybersecurity #technology #news