• CitrixBleed 2 exploits are now in the wild, so patch now

    From TechnologyDaily@1337:1/100 to All on Tuesday, July 08, 2025 11:15:08
    CitrixBleed 2 exploits are now in the wild, so patch now

    Date:
    Tue, 08 Jul 2025 10:03:00 +0000

    Description:
    Multiple researchers are warning about CitrixBleed 2, a critical-severity
    flaw in Citrix NetScaler ADC and NetScaler Gateway.

    FULL STORY
    ======================================================================

    CitrixBleed 2 was discovered in late June 2025
    The majority of instances have not yet been patched
    Security researchers are warning the bug is likely being exploited already

    CitrixBleed 2, a vulnerability in Citrix NetScaler ADC and NetScaler Gateway, is now being actively exploited in the wild, multiple researchers have
    warned.

    Security researchers recently found a critical-severity vulnerability in
    these instances which could allow threat actors to hijack user sessions and gain access to targeted environments.

    The flaw, described as an insufficient input validation vulnerability that leads to memory overread, is tracked as CVE-2025-5777, and affects device versions 14.1 before 47.46 and 13.1 before 59.19. Given its similarity to a previous Citrix vulnerability called CitrixBleed, security researchers dubbed it CitrixBleed 2.

    (No) evidence of abuse

    A patch was made available soon after, but apparently, the majority of instances have not yet been patched, and threat actors are taking advantage
    of that fact. Multiple security researchers, including ReliaQuest, watchTowr, and Horizon3.ai, have warned users of ongoing exploitation campaigns.

    The Register notes that watchTowr Labs found a significant portion of the Citrix NetScaler user base had not yet patched against CitrixBleed 2, and urged
    everyone to do so since the bug is trivial to exploit.

    "Previously, we stated that we had no intention to release this vulnerability analysis," the researchers said. However, "minimal" information sharing about the flaw "puts these users in a tough position when determining if they need to sound an internal alarm."

    Soon afterwards, Horizon3.ai said by now threat actors are likely to be including it in their toolkits as well.

    At the same time, Citrix is giving out mixed signals on whether or not the bugs are actually being exploited in the wild. The company is redirecting all
    media inquiries to a blog post discussing the matter, in which it says "Currently, there is no evidence to suggest exploitation of CVE-2025-5777."

    However, in the FAQ of the same blog post, it also said "immediate
    installation of the recommended updates is critically important due to the identified severity of this vulnerability and evidence of active
    exploitation." It is left somewhat vague whether this answer relates to CitrixBleed 2 or to a different vulnerability.

    Finally, elsewhere in the FAQ, it says "We are currently unaware of any evidence of exploitation for CVE-2025-5349 or CVE-2025-5777."

    We'd advise everyone to patch up, just to be on the safe side, especially
    since CitrixBleed was being abused by nation-states in highly targeted attacks.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/citrixbleed-2-exploits-are-now-in-the-wild-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)