Login
Israel-Hamas Conflict
BRICS
Floods
Natural Disasters
Donald Trump
Social Media
Amazon
Artificial Intelligence
Republican Party
Benjamin Netanyahu
US Politics
Instagram
Taxes
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

CitrixBleed 2 Flaws Are Officially Here - so Get Patching or Leave Your Systems at Risk

  • Citrix disclosed a critical vulnerability, CVE-2025-5777, known as CitrixBleed 2, affecting NetScaler ADC and Gateway devices in versions 14.1 and before 47.46 and 13.1 and before 59.19.
  • Security researchers and analysts revealed that this 9.3-severity out-of-bounds read flaw arises from insufficient input validation and resembles the 2023 CitrixBleed vulnerability previously exploited in ransomware attacks.
  • The vulnerability allows attackers to hijack user sessions by extracting sensitive data such as session tokens, credentials, and bypass multifactor authentication on affected Gateway or AAA virtual servers.
  • ReliaQuest reported active exploitation to gain initial access, while Citrix urges immediate patching and warned customers on June 17 to terminate active sessions and upgrade appliances to block attacks.
  • More than 2,100 appliances remain vulnerable, with a reported exploit price of $70,000 and additional high-severity flaws patched this week, highlighting ongoing risks for IT teams facing multiple critical vulnerabilities.
Insights by Ground AI
Does this summary seem wrong?

11 Articles

All
Left
Center
2
Right
Tech RadarTech Radar
Center

CitrixBleed 2 flaws are officially here - so get patching or leave your systems at risk

The company recently fixed three major flaws, but worries of a new threat remain.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions.

Read Full Article
World NEWS LiveWorld NEWS Live

CitrixBleed 2 flaws are officially here - so get patching or leave your systems at risk - WorldNL Magazine

(Image credit: Shutterstock) Citrix disclosed patching a critical-severity bug in Citrix NetScaler ADC and Gateway instancesIndependent researchers dub it "CitrixBleed 2" due to its similiarities to the 2023 flawUsers are advised to patch up ASAPHackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway instances to hijack user sessions and gain access to targeted environments, the company has revealed…

Read Full Article
U-S-NEWS.COMU-S-NEWS.COM

SCIENCE & TECH: CitrixBleed 2 flaws are officially here – so get patching or leave your systems at risk – U-S-NEWS.COM

Citrix disclosed patching a critical-severity bug in Citrix NetScaler ADC and Gateway instances Independent researchers dub it “CitrixBleed 2” due to its similiarities to the 2023 flaw Users are advised to patch up ASAP Hackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway instances to hijack user sessions and gain access to targeted environments, the company has revealed. The bug is described as a…

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Attacks involving critical Citrix NetScaler bug underway

Threat actors were observed by ReliaQuest to have been leveraging the recently disclosed critical Citrix NetScaler Gateway vulnerability, tracked as CVE-2025-5777, to facilitate initial systems compromise, according to C…

Read Full Article
Help Net SecurityHelp Net Security

CitrixBleed 2 might be actively exploited (CVE-2025-5777) - Help Net Security

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in particular, has captured the attention of infosec professionals due to its similarity to CVE-2023-4966, aka CitrixBleed. Consequently, CVE-2025-577…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

cyble.com broke the news in on Monday, June 30, 2025.
Sources are mostly out of (0)

Similar News Topics

Cybercrimes icon

Cybercrimes

Science icon

Science

News
For You
SearchBlindspotLocal