Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/

ONE SENTENCE SUMMARY:

Over 3,300 Citrix NetScaler ADC and Gateway appliances remain unpatched against two actively exploited flaws, CVE-2025-5777 (CitrixBleed 2) and CVE-2025-6543, weeks after fixes shipped, leaving them open to session hijacking and denial of service.

MAIN POINTS:

  1. Over 3,300 internet-exposed Citrix NetScaler appliances are still unpatched against CVE-2025-5777, the CitrixBleed 2 flaw.
  2. CVE-2025-5777 is an out-of-bounds memory read affecting appliances configured as a Gateway or AAA virtual server; an unauthenticated attacker can pull session tokens and credentials out of the leaked memory.
  3. Replaying a stolen session token hijacks an already-authenticated session, bypassing login and MFA without the user's password.
  4. Proof-of-concept exploits for CVE-2025-5777 were released shortly after disclosure, lowering the bar for opportunistic attackers.
  5. CVE-2025-6543 is a separate critical memory overflow that can cause unintended control flow and denial of service; many of the same appliances remain unpatched against it as well.
  6. The Dutch NCSC reported that CVE-2025-6543 was exploited to breach critical organizations in the Netherlands.
  7. Both flaws were exploited as zero-days by advanced threat actors before patches were available; CVE-2025-6543 exploitation dates back to early May.
  8. CISA added both flaws to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch on a short deadline.
  9. The Dutch Public Prosecution Service (Openbaar Ministerie) was among the organizations breached through CVE-2025-6543.

TAKEAWAYS:

  1. An unpatched NetScaler exposed as a Gateway or AAA endpoint is an unauthenticated session-hijack target; there is no workaround, so patching is the only fix.
  2. Because CitrixBleed 2 leaks live session tokens, patching alone is not enough: terminate all active ICA and PCoIP sessions after upgrading so that already-stolen tokens stop working, and review authentication logs for sessions from unexpected source addresses.
  3. CVE-2025-6543 has been exploited since early May, so an appliance patched late should be treated as potentially compromised and investigated, not just updated.
  4. CISA's short patch deadline reflects the severity: treat both CVEs as emergency patches rather than routine maintenance.