The US CISA has issued an urgent warning about a critical Citrix NetScaler vulnerability, CVE-2025-5777, an out-of-bounds memory read that can be exploited to leak session tokens and hijack authenticated sessions. Citrix has released fixed builds, but many Internet-facing instances remain unpatched, posing significant security risk. #CitrixBleed #CVE20255777
Key points
- CVE-2025-5777 affects Citrix NetScaler ADC and NetScaler Gateway appliances that are configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.
- Attackers exploit the flaw by sending malformed login requests to the appliance's authentication endpoint; the appliance echoes a slice of its own process memory back in the response, and each request can be repeated to collect more.
- The leaked memory includes valid session tokens, so an attacker can replay a token to take over a session that has already completed authentication, bypassing MFA without ever knowing a password.
- Fixed builds are available for the supported release trains (14.1, 13.1, 13.1-FIPS/NDcPP and 12.1-FIPS); older end-of-life trains must be upgraded. Because tokens stolen before the upgrade stay valid, Citrix also recommends terminating all active ICA and PCoIP sessions after patching.
- CISA added the flaw to its Known Exploited Vulnerabilities catalog and gave federal agencies 24 hours to patch, citing the high risk of active exploitation.
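The first check a practitioner wants is whether a given appliance is on a build that contains the fix. The following script is an added example written for this summary, not code from Citrix or from CISA. It parses the version string printed by the NetScaler `show version` command (or the shorter `train-build` form used in advisories) and compares it against the minimum fixed builds published in Citrix's bulletin for CVE-2025-5777. The `variant` argument is an assumption of this example: the operator must state whether the box is a FIPS/NDcPP appliance, since the version string alone does not say so.

```python
"""Classify a NetScaler ADC/Gateway build against the CVE-2025-5777 fix.

Added example, not vendor code. Fixed-build numbers are taken from Citrix's
security bulletin for CVE-2025-5777; everything else here is illustrative.
"""
import re
from typing import NamedTuple, Tuple


class NsBuild(NamedTuple):
    train: str              # release train, e.g. "14.1"
    build: Tuple[int, int]  # (major, minor) build number, e.g. (43, 56)


# Minimum build per (train, variant) that contains the fix. Trains that are
# absent (12.1 and 13.0 without FIPS) are end-of-life and have no fixed build.
FIXED_BUILDS = {
    ("14.1", "STD"): (43, 56),
    ("13.1", "STD"): (58, 32),
    ("13.1", "FIPS"): (37, 235),   # same build covers 13.1-NDcPP
    ("12.1", "FIPS"): (55, 328),
}

_PATTERNS = (
    # `show version` output, e.g. "NetScaler NS14.1: Build 43.56.nc, Date: ..."
    re.compile(r"NS(\d+\.\d+)[:\s]+Build\s+(\d+)\.(\d+)", re.IGNORECASE),
    # advisory-style "14.1-43.56"
    re.compile(r"(\d+\.\d+)-(\d+)\.(\d+)"),
)


def parse_version(text: str) -> NsBuild:
    """Extract train and build number from either supported string form."""
    for pattern in _PATTERNS:
        match = pattern.search(text)
        if match:
            return NsBuild(match.group(1), (int(match.group(2)), int(match.group(3))))
    raise ValueError(f"unrecognised NetScaler version string: {text!r}")


def assess(text: str, variant: str = "STD") -> str:
    """Return 'fixed', 'vulnerable' or 'eol' for the given version string.

    variant is "STD" for ordinary appliances or "FIPS" for FIPS/NDcPP units
    (an assumption of this example; the operator supplies it).
    """
    version = parse_version(text)
    key = (version.train, variant.upper())
    if key not in FIXED_BUILDS:
        return "eol"  # no fix exists for this train; upgrade to a supported train
    # Build numbers compare as (major, minor) integer pairs, so 37.235 > 37.176.
    return "fixed" if version.build >= FIXED_BUILDS[key] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real appliances.
    samples = [
        ("NetScaler NS14.1: Build 43.56.nc, Date: Jun 5 2025", "STD"),
        ("NetScaler NS14.1: Build 43.50.nc, Date: Mar 7 2025", "STD"),
        ("13.1-58.32", "STD"),
        ("13.1-37.235", "FIPS"),
        ("13.0-92.21", "STD"),
    ]
    for text, variant in samples:
        print(f"{text!r:60} {variant:5} -> {assess(text, variant)}")
```

Treat "vulnerable" and "eol" the same way operationally: upgrade, then terminate existing sessions, since a patched build does not invalidate tokens that were already leaked. If the FIPS variant is omitted for a 13.1-FIPS appliance the function errs on the side of reporting "vulnerable" (37.x is below the 58.32 standard-train threshold), which is the safe failure mode for a triage script.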
Read More: https://www.securityweek.com/citrixbleed-2-flaw-poses-unacceptable-risk-cisa/