Critical CitrixBleed 2 vulnerability has been under active exploit for weeks
Briefly

A serious vulnerability, CVE-2025-5777, in Citrix network devices allows hackers to bypass multifactor authentication. It has been actively exploited for over a month, contradicting Citrix's statements. CVE-2025-5777 resembles an older vulnerability, CVE-2023-4966 or CitrixBleed, which previously affected numerous organizations. The newer vulnerability causes affected devices to leak memory contents, which can enable hackers to extract user credentials. Citrix issued a patch for CVE-2025-5777 on June 17 but claimed there was no evidence of exploitation, even though researchers have found evidence indicating otherwise since July 1.
Cybersecurity researchers revealed that a critical vulnerability, CVE-2025-5777, in Citrix network management devices has been exploited for over a month, contradicting Citrix's claims.
CVE-2025-5777 can leak sensitive information from Citrix's NetScaler Application Delivery Controller, allowing hackers to reconstruct users' credentials via repeated requests.
This vulnerability shares similarities with an earlier one, CitrixBleed, whose exploitation compromised 20,000 devices, including those at major companies like Boeing and DP World.
Citrix released a security patch for CVE-2025-5777 on June 17, but security firm GreyNoise detected evidence of exploitation starting July 1.
Read at Ars Technica