Netscaler News Articles

CVE-2025-5777 – Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2) - CYFIRMA

Published On : 2025-07-18 EXECUTIVE SUMMARY CVE‑2025‑5777 is a critical information disclosure vulnerability in Citrix NetScaler ADC and Gateway appliances, caused by unsafe memory handling in the...

1 week ago

Updates on Actively Exploited Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway I Arctic Wolf

In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777.

2 weeks ago

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks

A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed

2 weeks ago

Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure

Researchers detected an active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced. 

2 weeks ago

Hackers Exploited CitrixBleed 2 Vulnerability Before Public PoC Release

This memory overread vulnerability in Citrix NetScaler appliances demonstrates how sophisticated attackers can identify

2 weeks ago

Hackers Actively Exploited CitrixBleed 2 Flaw Ahead of PoC Disclosure

Researchers have discovered that threat actors began exploiting CitrixBleed 2 vulnerability nearly two weeks before a public proof-of-concept was released.

2 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-5777(link is external) Citrix NetScaler ADC and Gateway...

2 weeks ago

CitrixBleed 2 beckons sweeping alarm as exploits spread across the globe

The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

2 weeks ago

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.

3 weeks ago

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CISA added Citrix NetScaler's CVE-2025-5777 to its KEV catalog as active exploits emerge worldwide. Immediate patching advised.

3 weeks ago

Vulnerability Citrix NetScaler | CVE-2025-5777

Security alert on the Citrix NetScaler server and Stormshield protection solutions against the CVE-2025-5777.

3 weeks ago

H-ISAC TLP White Threat Bulletin PoC Exploits Available for Citrix NetScaler ADC and NetScaler Gateway Flaw CVE-2025-5777 | AHA

Proof-of-Concept (PoC) exploits for a critical vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, affecting Citrix NetScaler ADC and Gateway devices are publicly available.

3 weeks ago

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) - Help Net Security

All organizations, even those that patched CVE-2025-5777 (aka CitrixBleed 2), should check for indicators of compromise.

3 weeks ago

PoC Exploits Released for CitrixBleed2: 127 Bytes Exfiltrated Per Request

Security researchers have released proof-of-concept exploits for CVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway devices dubbed "CitrixBleed2."

3 weeks ago

CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

CISA adds four critical vulnerabilities to its KEV list, with active exploitation confirmed. Federal agencies must update by July 2025.

3 weeks ago

Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens.

3 weeks ago

CitrixBleed 2 exploits on the loose as orgs slow to patch

Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of users still...

3 weeks ago

Citrix NetScaler ADC And NetScaler Gateway Memory Overflow Vulnerability (CVE-2025-6543)

- A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) - Memory overflow vulnerability leading to unintended control flow and Denial of Service.

3 weeks ago

CitrixBleed 2 Vulnerability PoC Published - Experts Warn of Mass Exploitation Risk

A newly published proof-of-concept (PoC) for the critical CitrixBleed 2 vulnerability (CVE-2025-5777) has sent shockwaves through the cybersecurity community

3 weeks ago

CVE-2025-6543: Critical Citrix NetScaler Memory Overflow Vulnerability | iZOOlogic

Discover the details of CVE-2025-6543, a critical Citrix NetScaler memory overflow vulnerability that could allow remote code execution. Learn about affected versions, risks, and mitigation steps.

4 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its KEV Catalog, based on evidence of active exploitation

1 month ago

CISA Issues Alert on Actively Exploited Citrix NetScaler ADC and Gateway Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert following the addition of a critical Citrix NetScaler vulnerability—CVE-2025-6543

1 month ago

CitrixBleed 2 might be actively exploited (CVE-2025-5777) - Help Net Security

CVE-2025-6543 is being exploited, Netscaler says, but it still doesn't have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777.

Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authentication by hijacking user sessions.

CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds

CVE-2025-5777 poses serious threats to Citrix Netscaler devices—discover recommended actions to block exploitation and protect accounts from Citrix Bleed 2.

Critical Citrix Bleed 2 flaw now likely exploited in attacks

A critical NetScaler ADC and Gateway vulnerability dubbed

Citrix Bleed 2 flaw now believed to be exploited in attacks

A critical NetScaler ADC and Gateway vulnerability dubbed

CitrixBleed 2 Vulnerability Exploited

This new CitrixBleed lookalike flaw is being exploited in the wild to gain initial access, according to ReliaQuest

Citrix patches critical zero-day. Cisco fixes two maximum-severity flaws.

US Justice Department charges British hacker for allegedly causing $25 million in damages.

Citrix warns of exploitation of Netscaler devices through new bugs

Citrix is sounding the alarm about vulnerabilities affecting Netscaler products that security researchers say are reminiscent of the widely exploited "Citrix Bleed" bug.

Critical Citrix NetScaler Flaw Exploited as Zero-Day

Citrix has released patches for a critical vulnerability in NetScaler ADC and NetScaler Gateway exploited as a zero-day.

Citrix patches critical 0-day amid ‘CitrixBleed 2’ concerns

Two critical vulnerabilities affect common NetScaler ADC and NetScaler Gateway configurations.

Citrix bleeds again: This time a zero-day

Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an...

Citrix users hit by actively exploited zero-day vulnerability

The vendor disclosed the critical zero-day in NetScaler ADC and NetScaler Gateway nine days after it warned of a pair of defects in the same products.

Citrix warns of NetScaler vulnerability exploited in DoS attacks

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition.

New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix releases urgent patches for CVE-2025-6543 in NetScaler ADC, a critical flaw affecting multiple versions. CVSS score 9.2.

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Two critical flaws in SAP GUI expose sensitive data. Patches now available for Windows and Java versions.

Latest Citrix vulnerability could be every bit as bad as Citrix Ble...

A Citrix NetScaler flaw that was quietly patched earlier in June is gathering widespread attention after experts noted strong similarities to the Citrix Bleed vulnerability that caused chaos in late 2023

Critical vulnerability in Citrix Netscaler raises specter of exploitation wave

Threat researchers warn the flaw could open up a flood of attacks that rival the 2023 CitrixBleed crisis.

Up next on the KEV? All signs point to 'CitrixBleed 2'

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum,...

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) - Help Net Security

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and Gateway that's reminiscent of the infamous CitrixBleed flaw.

Critical Flaws In NetScaler ADC & Gateway – CVE-2025-5349

Two new vulnerabilities, CVE-2025-5349 and CVE-2025-5777, targets NetScaler ADC and Gateway, posing a serious risk to organization.

Citrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to Hackers

The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have been rated with high severity, carrying CVSS base scores of 8.7 and 9.3, respectively.

CVE-2024-12284 Security Update For NetScaler Console

CVE-2024-12284 is a high-severity vulnerability in NetScaler Console. Cloud Software Group released urgent updates to fix the issue.

Citrix NetScaler Vulnerability Exposes Systems to Unauthorized Commands

Cloud Software Group has raced to address a severe security flaw in its widely used NetScaler management infrastructure.

Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Citrix fixes CVE-2024-12284, a NetScaler Console flaw (CVSS 8.8) enabling privilege escalation. Urgent update required—no workarounds available.

SECURITY ADVISORY: Assetnote Releases Verification Method for Citrix NetScaler RDP Proxy Vulnerability

Assetnote BRISBANE, AUSTRALIA, December 12, 2024 /EINPresswire.com/ -- Assetnote, today, released proof-of-concept code that enables security teams to verify if their Citrix NetScaler instances are vulnerable to CVE-2024-8534, a critical RDP Proxy memory safety vulnerability that can cause system re...

SECURITY ADVISORY: Assetnote Releases Verification Method for Citrix NetScaler RDP Proxy Vulnerability

Assetnote BRISBANE, AUSTRALIA, December 12, 2024 /EINPresswire.com/ -- Assetnote, today, released proof-of-concept code that enables security teams to verify if their Citrix NetScaler instances are vulnerable to CVE-2024-8534, a critical RDP Proxy memory safety vulnerability that can cause system re...

SECURITY ADVISORY: Assetnote Releases Verification Method for Citrix NetScaler RDP Proxy Vulnerability

Assetnote, today, released proof-of-concept code that enables security teams to verify if their Citrix NetScaler instances are vulnerable to CVE-2024-8534, a critical RDP Proxy memory safety vulnerability that can cause system restarts.