- Citrix has disclosed and patched a critical-severity flaw in NetScaler ADC and Gateway appliances
- Independent researchers have dubbed it "CitrixBleed 2" because of its similarity to the 2023 bug
- Users are advised to patch as soon as possible
Hackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway appliances to hijack user sessions and gain access to targeted environments, the company has revealed.
The flaw is described as an insufficient input validation vulnerability that leads to a memory overread when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. It is tracked as CVE-2025-5777 and carries a severity score of 9.3/10 (critical).
According to the article, the bug affects Citrix NetScaler ADC and Gateway versions 14.1 before 14.1-47.46 and 13.1 before 13.1-59.19.
CitrixBleed 2
According to security researchers, the vulnerability is already being abused in the wild to give attackers initial access.
"Unlike session cookies, which are often tied to short-lived browser sessions, the session token is typically used in broader authorization contexts, such as API calls or persistent application sessions," the researchers explained.
Alongside the disclosure, Citrix has released a fix and urges users to apply it as soon as possible.
Meanwhile, independent analyst Kevin Beaumont says the flaw bears a strong resemblance to CitrixBleed, one of the most serious Citrix vulnerabilities discovered in recent years.
That, too, was a critical-severity bug, and it was widely exploited in late 2023, when various threat actors targeted government agencies, banks and healthcare providers. Among those abusing it was LockBit, one of the most dangerous ransomware operators in existence.
Because of the similarities, Beaumont dubbed the new flaw "CitrixBleed 2".
At around the same time, Citrix disclosed patches for two further flaws: a high-severity improper access control issue and a memory overflow vulnerability.
The former carries a severity score of 8.7 and affects versions 14.1 before 14.1-43.56 and 13.1 before 13.1-58.32. The latter, with a score of 9.2, is tracked as CVE-2025-6543 and leads to unintended control flow and denial of service in NetScaler ADC and NetScaler Gateway when configured as a Gateway.
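The article gives affected-version ranges for CVE-2025-5777 and for the 8.7-rated access control issue, and it notes that the memory overread is only reachable when the appliance serves a Gateway or AAA role. The following Python triage script is an added example (not code from the article, from Citrix, or from the researchers quoted). It encodes the fixed builds exactly as this article states them, so confirm them against Citrix's own advisory before acting on the result. The `show version` banner format, the `add vpn vserver` / `add authentication vserver` line forms in an ns.conf export, and the sample configuration are all assumptions made for the example.

```python
import re

# Fixed builds per release branch, taken from the article's version ranges.
# Assumption: these are the first builds on each branch carrying the fix; check
# the vendor advisory, since the article's numbers may not be authoritative.
ADVISORIES = {
    "CVE-2025-5777 (memory overread, CitrixBleed 2)": {"14.1": "47.46", "13.1": "59.19"},
    "improper access control (CVSS 8.7)": {"14.1": "43.56", "13.1": "58.32"},
}

# Matches "14.1-43.56" as well as the assumed banner form
# "NetScaler NS14.1: Build 43.56.nc": branch, any non-digits, build.
VERSION_RE = re.compile(r"(\d+\.\d+)\D+(\d+\.\d+)")

# Assumed ns.conf forms for the roles the article names as exposed:
# Gateway (VPN/ICA Proxy/CVPN/RDP Proxy) lives on a "vpn vserver",
# AAA on an "authentication vserver".
VSERVER_RE = re.compile(r"^add (vpn|authentication) vserver (\S+)", re.M)

# Constructed sample configuration export (not from any real appliance).
SAMPLE_NS_CONF = """\
add lb vserver web_lb HTTP 10.0.0.10 80
add vpn vserver corp_gw SSL 203.0.113.5 443 -icaOnly ON
add authentication vserver aaa_vs SSL 203.0.113.6 443
"""


def parse_version(text):
    """Return (branch, build) strings, e.g. ('14.1', '43.56')."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no NetScaler version found in {text!r}")
    return m.group(1), m.group(2)


def build_tuple(build):
    """'43.56' -> (43, 56) so builds compare numerically, not lexically."""
    return tuple(int(p) for p in build.split("."))


def assess(version_text):
    """Map each advisory to 'vulnerable', 'fixed' or 'unknown branch'."""
    branch, build = parse_version(version_text)
    result = {}
    for name, fixed_by_branch in ADVISORIES.items():
        fixed = fixed_by_branch.get(branch)
        if fixed is None:
            # Branches the article does not list (e.g. end-of-life ones) get no verdict.
            result[name] = "unknown branch"
        elif build_tuple(build) < build_tuple(fixed):
            result[name] = "vulnerable"
        else:
            result[name] = "fixed"
    return result


def exposed_vservers(ns_conf):
    """List (kind, name) for Gateway and AAA virtual servers in a config export."""
    return VSERVER_RE.findall(ns_conf)


def triage(version_text, ns_conf):
    """Combine patch state with role exposure: unpatched AND exposed is the
    combination the article describes as being exploited in the wild."""
    status = assess(version_text)
    exposed = exposed_vservers(ns_conf)
    urgent = status["CVE-2025-5777 (memory overread, CitrixBleed 2)"] == "vulnerable" and bool(exposed)
    return {"status": status, "exposed": exposed, "urgent": urgent}


if __name__ == "__main__":
    report = triage("NetScaler NS14.1: Build 43.56.nc", SAMPLE_NS_CONF)
    for name, verdict in report["status"].items():
        print(f"{name}: {verdict}")
    print("exposed roles:", report["exposed"])
    print("patch immediately:", report["urgent"])
```

Appliances on a branch the article does not cover come back as "unknown branch" rather than "fixed", so that an unlisted (possibly end-of-life) release is never silently treated as safe.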
Via Infosecurity Magazine