Over 3,300 unpatched Citrix NetScaler devices leave organizations vulnerable to critical session hijacking exploits, including CVE-2025-5777 and CVE-2025-6543. These flaws enable attackers to bypass MFA, steal sensitive data, and cause operational disruptions, with active exploitation reported worldwide. #CitrixBleed #CVE20255777 #CISA #NCSC
Key points
- Over 3,300 Citrix NetScaler devices remain unpatched against critical vulnerabilities.
- CVE-2025-5777 allows attackers to hijack user sessions and bypass multi-factor authentication.
- Proof-of-concept exploits for CVE-2025-5777 were released shortly after disclosure, with active zero-day attacks preceding them.
- CVE-2025-6543 was exploited as a zero-day in the Netherlands to breach multiple critical organizations.
- Authorities like CISA and NCSC have urged organizations to urgently patch these vulnerabilities to prevent further attacks.