The Cybersecurity and Infrastructure Security Agency (CISA) has urgently ordered all federal civilian agencies to patch the critical vulnerability CVE-2025-5777, known as “Citrix Bleed 2,” within 24 hours to prevent exploitation. Multiple threat actors, including ransomware gangs, are actively exploiting this bug, which affects Citrix NetScaler appliances and could lead to severe data breaches. #CitrixBleed2 #CISA #NetScalerVulnerability
Keypoints
- CISA has issued a one-day patching deadline for the vulnerability CVE-2025-5777 affecting federal agencies.
- The bug impacts Citrix NetScaler ADC and Gateway appliances, not cloud-managed services.
- Exploitation of this vulnerability has been confirmed and is actively occurring, similar to a previous widespread Citrix bug in 2023.
- Attackers can hijack sessions and bypass multi-factor authentication using stolen session tokens.
- The vulnerability poses a significant risk to sensitive government and critical infrastructure organizations.
Read More: https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2