Source: BleepingComputer
Author: Bill Toulas
URL: https://www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/
ONE SENTENCE SUMMARY: Citrix warns of critical “CitrixBleed 2” vulnerabilities affecting NetScaler ADC and Gateway devices, potentially exposing sensitive user data.

MAIN POINTS:

- Citrix disclosed vulnerabilities CVE-2025-5777 and CVE-2025-5349 affecting NetScaler ADC and Gateway devices.
- CVE-2025-5777 is an out-of-bounds memory read that lets unauthenticated attackers read device memory.
- Vulnerable configurations include Gateway setups such as VPN virtual servers, ICA Proxy, CVPN, and AAA servers.
- A cybersecurity researcher named the flaw “CitrixBleed 2” because of its similarities to the older CitrixBleed vulnerability.
- Attackers exploiting CVE-2025-5777 could hijack sessions, bypass MFA, and access sensitive credentials.
- CVE-2025-5349 is an improper access control flaw in the NetScaler Management Interface, reachable through various appliance IP addresses.
- Citrix recommends updating to the fixed versions: 14.1-43.56, 13.1-58.32, 13.1-NDcPP 13.1-37.235 (FIPS), and 12.1-55.328 (FIPS).
- Admins should terminate all active ICA and PCoIP sessions after installing the patches.
- End-of-life versions ADC/Gateway 12.1 (non-FIPS) and ADC/Gateway 13.0 will not receive patches.
- Over 56,500 NetScaler endpoints are publicly exposed, although it is unclear how many remain vulnerable.
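The fixed builds and end-of-life branches above are easy to get wrong when triaging an inventory, because the 13.1 and 12.1 trains have different fixed builds (or none at all) depending on whether the appliance runs the standard or the FIPS/NDcPP release. The following Python is an added example, not code from the BleepingComputer article or from Citrix: it parses NetScaler build strings in the `MAJOR.MINOR-BUILD.SUB` form used in the summary, compares them against the fixed builds listed there, and flags the unsupported 12.1 (non-FIPS) and 13.0 branches. The sample inventory, the host names, and the assumption that the admin records the FIPS/NDcPP flag per appliance (the build string alone does not reveal the train) are constructed for the example.

```python
"""Triage NetScaler ADC/Gateway builds against the fixed builds named for
CVE-2025-5777 / CVE-2025-5349.

Added example, not from the article or from Citrix.  The fixed-build
table mirrors the versions stated in the summary; everything else here
(host names, the FIPS flag in the inventory, the status labels) is an
assumption made for illustration.
"""
import re

# Fixed builds per release train, keyed by (branch, is_fips_or_ndcpp).
# The same "13.1" branch has a different fixed build on the FIPS/NDcPP
# train than on the standard train, so the flag is part of the key.
FIXED_BUILDS = {
    ("14.1", False): (43, 56),    # 14.1-43.56
    ("13.1", False): (58, 32),    # 13.1-58.32
    ("13.1", True): (37, 235),    # 13.1-FIPS / 13.1-NDcPP 13.1-37.235
    ("12.1", True): (55, 328),    # 12.1-FIPS 12.1-55.328
}

# Branches the summary says receive no fix: the only remedy is an upgrade.
END_OF_LIFE = {("12.1", False), ("13.0", False)}

# NetScaler build strings look like "14.1-43.56": branch, build, sub-build.
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_build(build: str):
    """Return (branch, build, sub) for a string such as '13.1-58.32'."""
    m = VERSION_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {build!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def assess(build: str, fips_or_ndcpp: bool = False) -> str:
    """Classify one appliance as patched / vulnerable / end-of-life / unknown-branch.

    The caller must say whether the appliance runs a FIPS or NDcPP train;
    a 13.1-37.x build is patched on the FIPS/NDcPP train but far below the
    58.32 fix on the standard train.
    """
    branch, major, sub = parse_build(build)
    key = (branch, fips_or_ndcpp)
    if key in END_OF_LIFE:
        return "end-of-life"
    if key not in FIXED_BUILDS:
        return "unknown-branch"      # not covered by the summary; check the advisory
    # Tuple comparison handles build and sub-build in one step.
    return "patched" if (major, sub) >= FIXED_BUILDS[key] else "vulnerable"


# Constructed sample inventory: (hostname, reported build, FIPS/NDcPP train?)
INVENTORY = [
    ("gw-dmz-01", "14.1-43.56", False),
    ("gw-dmz-02", "14.1-29.72", False),
    ("adc-fips-01", "13.1-37.235", True),
    ("adc-legacy-01", "13.0-92.21", False),
    ("adc-legacy-02", "12.1-65.39", False),
]


def triage(inventory):
    """Group hosts by status so patching and replacement can be prioritised."""
    report = {"patched": [], "vulnerable": [], "end-of-life": [], "unknown-branch": []}
    for host, build, fips in inventory:
        report[assess(build, fips)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:15s} {', '.join(hosts) or '-'}")
```

Hosts that land in `patched` still need the post-update step from the summary (terminating active ICA and PCoIP sessions), since a session established before the fix was applied is not cleaned up by the upgrade itself; hosts in `end-of-life` need a branch upgrade rather than a patch.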
TAKEAWAYS:

- Immediately update NetScaler ADC and Gateway devices to mitigate the “CitrixBleed 2” vulnerabilities.
- Regularly monitor and terminate suspicious ICA and PCoIP sessions after updating.
- Replace unsupported end-of-life versions promptly to maintain security posture.
- Assess publicly exposed NetScaler endpoints to prioritize patching of vulnerable systems.
- Leverage automation to simplify and accelerate patch management processes.