Citrix warns of login issues after NetScaler auth bypass patch

Citrix warns that recent updates for NetScaler ADC and Gateway appliances, which patch vulnerabilities actively exploited for session hijacking and denial-of-service attacks, can cause login issues. The updates enable the Content Security Policy (CSP) header by default, which unintentionally disrupts legitimate authentication flows, so Citrix advises patching immediately and adjusting the configuration where logins fail. #CitrixBleed2 #NetScalerVulnerability

Keypoints

  • Recent Citrix updates enable CSP headers by default, which can break login pages on NetScaler appliances.
  • The vulnerabilities include CVE-2025-5777, allowing session hijacking, and CVE-2025-6543, used in DoS attacks.
  • Admin actions such as disabling the CSP header can temporarily resolve login issues caused by the update.
  • These login issues particularly affect configurations involving DUO, SAML, or custom IDP integrations.
  • Citrix recommends immediate patching and consulting support if issues persist after configuration changes.
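To confirm whether a patched appliance now sends the CSP header before troubleshooting a failing login, an administrator can inspect the login page's response headers. The following is an added example, not code from Citrix or the article: it parses a Content-Security-Policy value and reports whether inline script is permitted (general CSP semantics; the article does not state which directive breaks the login flow). The sample headers are constructed, and `fetch_headers` takes whatever login URL the caller supplies.

```python
import urllib.request
from typing import Dict, List

# Constructed sample of what a strict default policy on a login page could look like.
# These are not headers captured from a real NetScaler appliance.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'self'",
}


def parse_csp(header_value: str) -> Dict[str, List[str]]:
    """Split a CSP header value into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for clause in header_value.split(";"):
        parts = clause.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def effective_script_sources(policy: Dict[str, List[str]]) -> List[str]:
    """script-src governs scripts; when absent, browsers fall back to default-src."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src", [])


def assess_login_page_csp(headers: Dict[str, str]) -> Dict[str, object]:
    """Report CSP presence and whether the effective script policy allows inline script.
    Pages that rely on inline script are the usual casualties of a strict policy, which is
    a general CSP observation, not a finding stated in the article."""
    csp = next((v for k, v in headers.items() if k.lower() == "content-security-policy"), None)
    if csp is None:
        return {"csp_present": False, "allows_inline_script": True, "script_sources": []}
    sources = effective_script_sources(parse_csp(csp))
    return {
        "csp_present": True,
        "allows_inline_script": "'unsafe-inline'" in sources,
        "script_sources": sources,
    }


def fetch_headers(login_url: str, timeout: float = 10.0) -> Dict[str, str]:
    """Fetch response headers for a login URL (hypothetical URL supplied by the caller).
    TLS verification stays enabled; a self-signed appliance certificate will raise an error."""
    req = urllib.request.Request(login_url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


if __name__ == "__main__":
    print(assess_login_page_csp(SAMPLE_HEADERS))  # offline run on the constructed sample
```

Run it live with `assess_login_page_csp(fetch_headers("https://<your-gateway>/vpn/index.html"))`, substituting the appliance's actual login URL.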

Read More: https://www.bleepingcomputer.com/news/security/citrix-warns-of-login-issues-after-netscaler-auth-bypass-patch/