CitrixBleed 2 Flaws Are Officially Here - so Get Patching or Leave Your Systems at Risk
- Citrix disclosed a critical vulnerability, CVE-2025-5777, known as CitrixBleed 2, affecting NetScaler ADC and Gateway devices running version 14.1 before 47.46 and version 13.1 before 59.19.
- Security researchers and analysts revealed that this 9.3-severity out-of-bounds read flaw arises from insufficient input validation and resembles the 2023 CitrixBleed vulnerability previously exploited in ransomware attacks.
- The vulnerability allows attackers to hijack user sessions by extracting sensitive data such as session tokens and credentials, and to bypass multifactor authentication on affected Gateway or AAA virtual servers.
- ReliaQuest reported active exploitation to gain initial access, while Citrix urged immediate patching and on June 17 warned customers to terminate active sessions and upgrade appliances to block attacks.
- More than 2,100 appliances remain vulnerable, with a reported exploit price of $70,000 and additional high-severity flaws patched this week, highlighting ongoing risks for IT teams facing multiple critical vulnerabilities.
11 Articles
Over 1,200 Citrix servers unpatched against critical auth bypass flaw
Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions.
CitrixBleed 2 flaws are officially here - so get patching or leave your systems at risk - WorldNL Magazine
Citrix disclosed patching a critical-severity bug in Citrix NetScaler ADC and Gateway instances. Independent researchers dub it "CitrixBleed 2" due to its similarities to the 2023 flaw. Users are advised to patch up ASAP. Hackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway instances to hijack user sessions and gain access to targeted environments, the company has revealed…
SCIENCE & TECH: CitrixBleed 2 flaws are officially here – so get patching or leave your systems at risk – U-S-NEWS.COM
Citrix disclosed patching a critical-severity bug in Citrix NetScaler ADC and Gateway instances. Independent researchers dub it "CitrixBleed 2" due to its similarities to the 2023 flaw. Users are advised to patch up ASAP. Hackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway instances to hijack user sessions and gain access to targeted environments, the company has revealed. The bug is described as a…
CitrixBleed 2 might be actively exploited (CVE-2025-5777) - Help Net Security
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that it doesn't have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which were patched earlier this month. CVE-2025-5777, in particular, has captured the attention of infosec professionals due to its similarity to CVE-2023-4966, aka CitrixBleed. Consequently, CVE-2025-577…