This article discusses the recent Citrix NetScaler vulnerability, CVE-2025-5777, also known as CitrixBleed 2, which can be exploited remotely to hijack sessions and bypass multi-factor authentication. Security researchers and firms have observed preliminary evidence suggesting active exploitation, raising concerns about targeted attacks.
Key points
- The CVE-2025-5777 vulnerability affects NetScaler ADC and Gateway instances configured for remote access or as an AAA virtual server.
- Cybersecurity firm ReliaQuest has found evidence indicating that CVE-2025-5777 is being exploited in the wild.
- The vulnerability allows attackers to read memory, including session tokens, leading to session hijacking and MFA bypass.
- It is similar to the previous CitrixBleed vulnerability exploited by ransomware groups in 2023.
- Citrix advises patching both CVE-2025-5777 and other recent vulnerabilities to mitigate risks.
Read More: https://www.securityweek.com/evidence-suggests-exploitation-of-citrixbleed-2-vulnerability/