BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA Confirms Citrix Bleed 2 Vulnerability Actively Exploited

  • CISA added a critical Citrix NetScaler vulnerability (CVE-2025-5777) to its Known Exploited Vulnerabilities Catalog after confirmation of active attacks.
  • The vulnerability, called “Citrix Bleed 2,” allows authentication bypass and memory overreads, leading to potential exposure of sensitive data.
  • Security researchers and vendors have reported ongoing exploitation by attackers, despite Citrix not yet updating its own advisories.
  • Attackers target critical network appliances, putting enterprise networks at risk, while CISA recommends immediate patching and forced session termination.
  • Other vulnerabilities, such as CVE-2024-36401 in GeoServer, are also being used in attacks, including the deployment of crypto mining Malware.

On July 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security flaw affecting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog. This move confirms that the vulnerability, identified as CVE-2025-5777, is being used in active cyberattacks.

- Advertisement -

CVE-2025-5777, also known as “Citrix Bleed 2,” carries a CVSS score of 9.3. The vulnerability exists due to insufficient input validation. When exploited, it permits attackers to bypass authentication on systems set up as a Gateway or AAA virtual server. This issue causes a memory overread, potentially revealing sensitive information.

A report by security researcher Kevin Beaumont stated exploitation began in mid-June. One of the attacker IP addresses was reportedly linked to the RansomHub Ransomware group. Data from GreyNoise indicated 10 malicious IP addresses from multiple countries, with the United States, France, Germany, India, and Italy as top targets. Citrix has not confirmed exploit activity in its official advisories as of June 26, 2025.

The vulnerability’s risk is high because affected devices often serve as VPNs or authentication servers. “Session tokens and other sensitive data can be exposed — potentially enabling unauthorized access to internal applications, VPNs, data center networks, and internal networks,” according to Akamai. Experts warn that attackers may gain wider access to corporate networks by exploiting vulnerable appliances and pivoting to other internal systems.

CISA advises all organizations to update to Citrix’s patched builds listed in its June 17 advisory, such as version 14.1-43.56 or later. After patching, administrators should end all active sessions to invalidate any stolen authentication tokens. Security teams should review logs for unusual activity on authentication endpoints, as this flaw can enable token theft and session replay without leaving standard malware traces.

- Advertisement -

In separate incidents, attackers are exploiting a critical flaw in OSGeo GeoServer GeoTools (CVE-2024-36401, CVSS score: 9.8) to install NetCat and XMRig coin miners in South Korea. Once installed, these miners use system resources to generate cryptocurrency, with NetCat enabling further malicious actions or data theft.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bitcoin Data Strong Amid Selling and Yield Fears

Despite a zero ByteTrend score, the Bitcoin network's weekly on-chain transaction value is $13.5...

Ohio County Paid $1M After Data Heist

Union County, Ohio, paid roughly $1 million in Bitcoin to the cyber group Kairos...

Bitcoin’s 2026 Outlook: Sideways Trading Before Any Big Rally

Bitcoin is currently trading between $58,000 and $62,000, a steep drop from its October...

North Korean PolinRider Hackers Publish 108 Malicious Packages

North Korean-linked threat actors, known as Contagious Interview, have expanded their PolinRider supply-chain campaign...

FatFs Flaws Let Malicious Media Hijack Millions of Devices

Seven vulnerabilities (CVE-2026-6682 to CVE-2026- 6688) were found in the widely used FatFs filesystem library,...

Must Read

The 13 Best Crypto Advertising Networks to Grow Your Project

TABLE OF CONTENTSWhy Traditional Ad Networks (Like Google & Facebook) Fail CryptoQuick-View Comparison TableHow to Choose the Right Crypto Ad Network for Your ProjectBest...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading