- Citrix has disclosed a fix for a critical-severity bug in Citrix NetScaler ADC and Gateway instances
- An independent researcher dubbed it “CitrixBleed 2” because of its similarities to the 2023 flaw
- Users are advised to patch as soon as possible
Attackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway appliances to hijack user sessions and gain access to targeted environments, the company disclosed.
The bug is described as an insufficient input validation vulnerability leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. It is tracked as CVE-2025-5777 and carries a severity score of 9.3/10 (critical).
The flaw affects NetScaler ADC and NetScaler Gateway 14.1 before build 14.1-43.56 and 13.1 before build 13.1-58.32.
CitrixBleed 2
According to security researchers, the vulnerability is already being exploited in the wild to give attackers initial access.
“Unlike session cookies, which are often tied to short-term browser sessions, session tokens are generally used in broader authentication frameworks, such as API calls or persistent application sessions,” the researchers explained.
Alongside the public disclosure, Citrix has released a patch and is urging users to apply it as soon as possible.
At the same time, independent analyst Kevin Beaumont noted that the bug resembles CitrixBleed, one of the most serious Citrix vulnerabilities discovered in recent years.
That too was a critical-severity flaw, widely exploited in late 2023, when various threat actors targeted government agencies, banks and healthcare providers. Among the attackers was LockBit, one of the most dangerous ransomware operators.
Because of the similarities, Beaumont nicknamed the flaw “CitrixBleed 2”.
At around the same time, Citrix disclosed fixes for two additional flaws: a high-severity improper access control issue and a memory overflow vulnerability.
The first has a severity score of 8.7 and affects versions 14.1 before 14.1-43.56 and 13.1 before 13.1-58.32. The second, scored 9.2, is tracked as CVE-2025-6543 and leads to unintended control flow and denial of service in NetScaler ADC and NetScaler Gateway when configured as a Gateway; it is fixed in builds 14.1-47.46 and 13.1-59.19.
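The practical question raised by the affected-version lists above is whether a given appliance is below the fixed build. The following script is an added example, not code from Citrix or from the original article: it parses the version string that a NetScaler prints (the `NetScaler NS14.1: Build 43.56.nc` form of `show ns version`, or the short `14.1-43.56` form used in advisories) and compares it against the minimum fully patched builds. It assumes those builds are 14.1-47.46 and 13.1-59.19, the builds that fix CVE-2025-6543 and the newest of the three fixes discussed here, so a build at or above them also covers CVE-2025-5777 and CVE-2025-5349. Branches not listed here (for example FIPS or NDcPP builds) are reported as unknown rather than guessed; the sample version lines in the block are constructed.

```python
import re

# Minimum fully patched builds per branch (assumption stated in the lead-in):
# 14.1-47.46 and 13.1-59.19 fix CVE-2025-6543 and are newer than the builds
# that fix CVE-2025-5777 / CVE-2025-5349 on the same branches.
FIXED_BUILDS = {
    "14.1": (47, 46),
    "13.1": (59, 19),
}

# Accepts "NetScaler NS14.1: Build 43.56.nc, Date: ..." (show ns version, assumed
# format) as well as the short "14.1-43.56" form used in advisories.
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)[:\s-]+(?:Build\s+)?(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, build_major, build_minor) from a version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(text):
    """Classify a NetScaler version string as 'patched', 'vulnerable' or 'unknown'.

    'unknown' covers unparseable strings and branches with no threshold in
    FIXED_BUILDS, so a FIPS/NDcPP build is never silently reported as patched.
    """
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    branch, major, minor = parsed
    if branch not in FIXED_BUILDS:
        return "unknown"
    # Tuple comparison orders by build major first, then build minor.
    return "patched" if (major, minor) >= FIXED_BUILDS[branch] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample lines, not output captured from a real appliance.
    samples = [
        "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025, 20:21:01   (64-bit)",
        "NetScaler NS14.1: Build 47.46.nc, Date: Jun 24 2025, 10:00:00   (64-bit)",
        "13.1-58.32",
        "13.1-59.19",
        "12.1-55.328",
    ]
    for line in samples:
        print(f"{assess(line):10s}  {line}")
```

Run it against the output of `show ns version` collected from each appliance; anything reported as vulnerable or unknown needs a manual check against the vendor bulletin for its branch.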
Via Infosecurity Magazine