
Sharp Decline in Internet-Exposed Citrix Systems
Security researcher Kevin Beaumont has reported a significant decrease in the number of Citrix systems directly accessible from the internet over recent years. This trend correlates with the numerous security vulnerabilities that have plagued the Citrix platform, particularly its NetScaler application delivery controllers.
Statistical Evidence of Decline
According to Shodan search engine data analyzed by Beaumont, the number of visible Citrix systems has dropped dramatically from nearly 130,000 in late 2019 to approximately 28,000 currently. The Shadowserver Foundation confirms this downward trajectory, with only 28,200 systems detected recently, of which 15,800 have received critical security updates.
Recent Security Challenges
Citrix has faced multiple actively exploited vulnerabilities in recent years, including CVE-2025-6543 and CVE-2025-7775. These zero-day vulnerabilities have targeted the NetScaler ADC and Gateway products, which are crucial for remote access to corporate applications and environments. The position of these systems in network infrastructure makes them prime targets for cyber attackers seeking unauthorized access to corporate networks.
Industry Response and Migration
Beaumont emphasizes that Citrix customers currently face significant challenges, stating "the product is on fire and not in a good way." The researcher criticizes Citrix for lack of transparency regarding customer impacts and recommends that companies either push for comprehensive security revisions or consider migrating to alternative solutions.
The security community has observed a migration trend toward cloud-based alternatives such as Microsoft 365, SharePoint, and other remote access solutions that offer better security postures and reduced maintenance overhead. Many organizations are implementing additional security measures including multi-factor authentication, device registration requirements, and geographic access restrictions.
Current Vulnerability Status
As of recent assessments, approximately 12,400 Citrix systems remain vulnerable to the latest security threats despite available patches. This represents a significant security risk for organizations still relying on exposed Citrix infrastructure for remote workforce capabilities.