CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA

Posted on July 14, 2025 By CWS

The US cybersecurity agency CISA is calling urgent attention to a recently disclosed Citrix NetScaler vulnerability that has been compared to the infamous CitrixBleed flaw of 2023.

Tracked as CVE-2025-5777 (CVSS score of 9.3), the security defect was disclosed on June 17, when Citrix rolled out patches for it, warning that it could be exploited to read out-of-bounds memory.

The flaw is known as CitrixBleed 2, after security researcher Kevin Beaumont compared it to the widely exploited CVE-2023-4966 (dubbed CitrixBleed).

Affecting all NetScaler ADC and NetScaler Gateway deployments configured as a gateway or AAA virtual server, the security defect can be triggered using incorrect login requests, to which the appliance responds with portions of memory content.

Attackers can send repeated requests to NetScaler’s authentication endpoint to retrieve additional memory contents, cybersecurity firms watchTowr and Horizon3.ai revealed in technical writeups.

The exposed information can include session tokens, which can be leveraged to hijack sessions and bypass multi-factor authentication.

In late June, Citrix disputed a ReliaQuest warning that hackers had already started exploiting the security defect, but CISA is now warning of the significant risk CVE-2025-5777 exposes organizations to, after adding the flaw to its Known Exploited Vulnerabilities (KEV) catalog.

Federal agencies typically need to address flaws that are newly added to KEV within three weeks, but they were given a single day to resolve this security defect.

“This vulnerability in Citrix NetScaler ADC and Gateway systems, also referred to as Citrix Bleed 2, poses a significant, unacceptable risk to the security of the federal civilian enterprise,” CISA Acting Executive Assistant Director for Cybersecurity Chris Butera told SecurityWeek.

“As America’s cyber defense agency and the operational lead for federal civilian cybersecurity, CISA is taking urgent action by directing agencies to patch within 24 hours and we encourage all organizations to patch immediately,” Butera continued.

Patches for CitrixBleed 2 were included in NetScaler ADC versions 14.1-43.56, 13.1-58.32, 13.1-FIPS, 13.1-NDcPP 13.1-37.235, and 12.1-FIPS 12.1-55.328, and NetScaler Gateway versions 14.1-43.56 and 13.1-58.32.
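
For teams working through an appliance inventory, the following added example (not from the article or from Citrix) classifies each build against the fixed versions listed above. The edition labels, status names, hostnames and sample builds are assumptions made for illustration, and the table reads 13.1-FIPS and 13.1-NDcPP as sharing build 13.1-37.235.

```python
import re

# First fixed build per (release branch, edition), taken from the article's list.
# Assumed reading: 13.1-FIPS and 13.1-NDcPP share build 13.1-37.235.
FIXED_BUILDS = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),
    ("13.1", "ndcpp"): (37, 235),
    ("12.1", "fips"): (55, 328),
}
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def triage(version, edition="standard", gateway_or_aaa=True):
    """Classify one appliance against the CVE-2025-5777 fixed builds."""
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    branch = match.group(1)
    # Compare builds as integer pairs: as strings, "43.9" would sort after "43.56".
    build = (int(match.group(2)), int(match.group(3)))
    fixed = FIXED_BUILDS.get((branch, edition.lower()))
    if fixed is None:
        return "unlisted"  # branch/edition is not in the article's list
    if build >= fixed:
        return "patched"
    # Below the fixed build: the article ties exposure to gateway/AAA roles.
    return "urgent" if gateway_or_aaa else "below-fixed-build"


# Constructed sample inventory (hostnames and builds are made up).
INVENTORY = [
    {"host": "ns-edge-01", "version": "14.1-43.9", "edition": "standard", "gateway_or_aaa": True},
    {"host": "ns-edge-02", "version": "13.1-58.32", "edition": "standard", "gateway_or_aaa": True},
    {"host": "ns-fips-01", "version": "13.1-37.235", "edition": "fips", "gateway_or_aaa": True},
    {"host": "ns-lb-01", "version": "13.1-37.235", "edition": "standard", "gateway_or_aaa": False},
    {"host": "ns-old-01", "version": "13.0-92.21", "edition": "standard", "gateway_or_aaa": True},
]


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {i["host"]: triage(i["version"], i["edition"], i["gateway_or_aaa"]) for i in inventory}


if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

An "unlisted" result means only that the article names no fixed build for that branch and edition, so it needs a manual check against the vendor advisory.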

More than 400 internet-accessible NetScaler instances remain unpatched against this CVE, data from The Shadowserver Foundation shows. Roughly 500 deployments are affected by another critical issue, tracked as CVE-2025-6543 (CVSS score of 9.2), which was exploited as a zero-day.
