CyberSecurity news

FlagThis

@socprime.com //

Critical Citrix NetScaler Memory Disclosure Vulnerability

Original img attribution: https://socprime.com/wp-content/uploads/CitrixBleed-2_v1-1.jpg
ImgSrc: socprime.com

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • labs.watchtowr.com: Blog post detailing the Citrix NetScaler memory disclosure vulnerability (CitrixBleed 2) and its potential impact.
  • socprime.com: Article discussing the detection and exploitation of CVE-2025-5777 in Citrix NetScaler ADC.
  • Wiz Blog | RSS feed: Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know
  • Kevin Beaumont: First exploitation details for CVE-2025-5777 - the Netscaler vuln - are out. If you call the login page, it leaks memory in the response 🤣 I don’t want to specify too much extra technical info on this yet - but if you keep leaking the memory via requests, there’s a way to reestablish existing ICA sessions from the leaked memory.
  • SOC Prime Blog: CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2†in NetScaler ADC Faces Exploitation Risk
  • Resources-2: ​​CVE-2025-5777: Citrix Bleed 2 Memory Leak Vulnerability Explained
  • gbhackers.com: CitrixBleed 2 Vulnerability PoC Published – Experts Warn of Mass Exploitation Risk
  • The Register - Security: CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands
  • Talkback Resources: CVE-2025-5777: CitrixBleed 2 Exploit Deep Dive by Horizon3.ai [exp]
  • Glenn ?: Thanks to Horizon3, we pushed a tag out today for CitrixBleed 2 CVE-2025-5777 and are backfilling
  • horizon3.ai: Horizon3.ai
  • doublepulsar.com: CitrixBleed 2 exploitation started mid-June — how to spot it CitrixBleed 2 — CVE-2025–5777 — has been under active exploitation to hijack Netscaler sessions, bypassing MFA, globally for a month.
  • viz.greynoise.io: get on mastodon
  • www.stormshield.com: Security alert Citrix NetScaler CVE-2025-5777: Stormshield Products Response
  • Stormshield: Security alert Citrix NetScaler CVE-2025-5777: Stormshield Products Response
  • Zack Whittaker: New, from me: CISA has given the federal government just one day to patch its NetScaler systems, after confirming "Citrix Bleed 2" is being actively exploited in hacking campaigns. Citrix's advisory, meanwhile, still doesn't mention that the bug is being exploited.
  • Blog: CVE-2025-5777 Exposes Citrix NetScaler to Dangerous Memory Leak Attacks
  • www.imperva.com: CVE-2025-5777 Exposes Citrix NetScaler to Dangerous Memory Leak Attacks
  • techcrunch.com: CISA Confirms Hackers Actively Exploiting Critical Citrix Bleed 2 Bug
  • techcrunch.com: The U.S. cybersecurity agency gave federal agencies just one day to patch a security bug in Citrix Netscaler, which can be exploited to break into corporate and government networks.
  • www.cybersecuritydive.com: Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw
Classification:
  • HashTags: #CitrixBleed2 #NetScalerADC #CVE-2025-5777
  • Company: Citrix
  • Target: Citrix NetScaler ADC users
  • Product: Citrix NetScaler ADC
  • Feature: Memory Management
  • Type: Vulnerability
  • Severity: Major