CISA Confirms Citrix Bleed 2 Vulnerability Actively Exploited

  • CISA added a critical Citrix NetScaler vulnerability (CVE-2025-5777) to its Known Exploited Vulnerabilities Catalog after confirmation of active attacks.
  • The vulnerability, called “Citrix Bleed 2,” allows authentication bypass and memory overreads, leading to potential exposure of sensitive data.
  • Security researchers and vendors have reported ongoing exploitation by attackers, despite Citrix not yet updating its own advisories.
  • Attackers target critical network appliances, putting enterprise networks at risk, while CISA recommends immediate patching and forced session termination.
  • Other vulnerabilities, such as CVE-2024-36401 in GeoServer, are also being used in attacks, including the deployment of crypto mining Malware.

On July 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw affecting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog. This move confirms that the vulnerability, identified as CVE-2025-5777, is being used in active cyberattacks.

- Advertisement -

CVE-2025-5777, also known as “Citrix Bleed 2,” carries a CVSS score of 9.3. The vulnerability exists due to insufficient input validation. When exploited, it permits attackers to bypass authentication on systems set up as a Gateway or AAA virtual server. This issue causes a memory overread, potentially revealing sensitive information.

A report by security researcher Kevin Beaumont stated exploitation began in mid-June. One of the attacker IP addresses was reportedly linked to the RansomHub Ransomware group. Data from GreyNoise indicated 10 malicious IP addresses from multiple countries, with the United States, France, Germany, India, and Italy as top targets. Citrix has not confirmed exploit activity in its official advisories as of June 26, 2025.

The vulnerability’s risk is high because affected devices often serve as VPNs or authentication servers. “Session tokens and other sensitive data can be exposed — potentially enabling unauthorized access to internal applications, VPNs, data center networks, and internal networks,” according to Akamai. Experts warn that attackers may gain wider access to corporate networks by exploiting vulnerable appliances and pivoting to other internal systems.

CISA advises all organizations to update to Citrix’s patched builds listed in its June 17 advisory, such as version 14.1-43.56 or later. After patching, administrators should end all active sessions to invalidate any stolen authentication tokens. Security teams should review logs for unusual activity on authentication endpoints, as this flaw can enable token theft and session replay without leaving standard malware traces.

In separate incidents, attackers are exploiting a critical flaw in OSGeo GeoServer GeoTools (CVE-2024-36401, CVSS score: 9.8) to install NetCat and XMRig coin miners in South Korea. Once installed, these miners use system resources to generate cryptocurrency, with NetCat enabling further malicious actions or data theft.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

BitNewsBot Newsletter Subscription
- Advertisement -

Latest News

Spot Bitcoin ETFs See $812M Second-Largest Daily Outflow; Ether ETFs Dip

Spot Bitcoin ETFs registered $812 million in net outflows on Friday, the second-largest single-day...

Mill City shares slide 11% after $500M Sui equity line revealed

Mill City Ventures III, listed on Nasdaq, may raise an additional $500 million to...

Strategy Expands STRC Offer to $4.2B as Investor Lawsuits Mount

Strategy increased its fundraising plans for its hybrid STRC security from $500 million to...

Fed Governor Adriana Kugler Resigns, Will Return to Georgetown

Adriana Kugler is stepping down from the Federal Reserve Board, effective August 8. Kugler served...

Assetera Unlocks Tokenized Stocks for Crypto Exchanges in Europe

New compliance solution allows crypto exchanges in Europe to offer tokenized US stocks.Assetera, an...

Must Read

7 Best Crypto To Invest In This Year

Investing in cryptocurrencies has become a popular way for people to diversify their investment portfolio and make potential profits.However, with so many cryptocurrencies available...