CyberSecurity news

David Jones@cybersecuritydive.com //
The cybersecurity community is on high alert due to the active exploitation of a critical vulnerability in Citrix NetScaler devices, known as CitrixBleed 2 (CVE-2025-5777). This flaw allows attackers to perform dangerous memory leak attacks, potentially exposing sensitive user credentials and other confidential data. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized the severity of this threat by adding it to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal agencies have been given a strict 24-hour deadline to patch affected systems, underscoring the urgency of the situation and the significant risk posed to government and enterprise networks.

CitrixBleed 2, which researchers have noted shares similarities with a previous critical vulnerability in Citrix NetScaler (CVE-2023-4966), enables attackers to bypass multi-factor authentication (MFA) and hijack user sessions. This memory leak vulnerability, stemming from insufficient input validation, allows unauthenticated attackers to read sensitive information from NetScaler devices configured as Gateways or AAA virtual servers. The exploitation of this flaw appears to have begun in late June, with reports indicating that some attackers may be linked to ransomware groups. The ease with which session tokens can be stolen and replayed to impersonate authenticated users presents a substantial threat to organizations relying on these Citrix products for remote access.

Cybersecurity researchers have confirmed widespread scanning and probing activity for the vulnerability. CISA's inclusion of CVE-2025-5777 in its Known Exploited Vulnerabilities catalog serves as a strong warning to all organizations to prioritize patching their Citrix NetScaler ADC and Gateway devices immediately. Failure to do so leaves networks vulnerable to sophisticated attacks that can lead to significant data breaches and operational disruptions. Organizations are strongly advised to apply the latest security patches and updates as soon as possible to mitigate the risks associated with this critical vulnerability.


References:
  • The Register - Security: Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
  • securityaffairs.com: U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
  • The Hacker News: CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • www.cybersecuritydive.com: Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw
  • Blog: CVE-2025-5777 Exposes Citrix NetScaler to Dangerous Memory Leak Attacks
  • techcrunch.com: CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
  • www.imperva.com: CVE-2025-5777 Exposes Citrix NetScaler to Dangerous Memory Leak Attacks
Classification:
  • HashTags: #CitrixBleed2 #NetScaler #MemoryLeak
  • Company: Citrix
  • Target: Citrix NetScaler users
  • Product: NetScaler
  • Feature: memory leak
  • Type: Vulnerability
  • Severity: Major