CyberSecurity news
@socprime.com
Citrix NetScaler ADC and Gateway systems are currently facing a critical security threat, identified as CVE-2025-5777, and widely nicknamed "CitrixBleed 2". This vulnerability, similar to the infamous CitrixBleed from 2023, allows unauthenticated attackers to exploit memory overread issues. This exploitation can lead to the disclosure of sensitive information, including session tokens and user credentials, enabling attackers to bypass multi-factor authentication and hijack active remote sessions. Security researchers have noted that exploitation of this flaw began as early as mid-June, with evidence pointing to its use in active hacking campaigns.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added CVE-2025-5777 to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. This designation carries significant weight, and CISA has issued a stern warning, urging federal civilian agencies to apply necessary patches within 24 hours. The urgency stems from the understanding that vulnerabilities like this are frequent vectors for malicious cyber actors, posing a substantial risk to government and corporate networks. While Citrix initially released guidance and patches in June, concerns have been raised about the vendor's response in acknowledging the widespread exploitation of this critical flaw.
The exploitation of CitrixBleed 2, alongside other critical vulnerabilities like CVE-2025-5349 and CVE-2025-6543, presents a significant risk to organizations. CVE-2025-5777 specifically allows attackers to steal session tokens, effectively enabling them to impersonate authenticated users and bypass security measures like MFA. This is a direct echo of the impact of the original CitrixBleed vulnerability, which was widely abused by nation-state actors and ransomware groups. The ongoing exploitation means that a considerable portion of the Citrix NetScaler user base may still be vulnerable, underscoring the critical need for immediate patching and diligent security practices.
Classification:
- HashTags: #CitrixBleed #NetScaler #Vulnerability
- Company: Citrix
- Target: Citrix NetScaler ADC and Gateway users
- Product: NetScaler ADC
- Feature: Memory Disclosure
- Malware: CitrixBleed 2
- Type: Vulnerability
- Severity: Disaster