The recently revealed out-of-bounds vulnerability in Citrix NetScaler ADC and NetScaler Gateway is already being dubbed CitrixBleed 2.
Security researchers are beginning to sound the alarm over a recently revealed vulnerability in Citrix’s NetScaler ADC and NetScaler Gateway products, warning that it is likely to be exploited by malicious actors sooner rather than later.
CVE-2025-5777 has a CVSS score of 9.3 – making it a critical vulnerability – and is an insufficient input validation flaw that could lead to a memory overread.
Citrix released an advisory regarding the vulnerability on 17 June, and the Australian Cyber Security Centre released an “act now” alert for the same flaw on 20 June. Now, other experts are weighing in and are comparing the bug to the infamous CitrixBleed vulnerability of 2023 – CVE-2023-4966 – which was heavily exploited by ransomware actors such as LockBit during its heyday.
“CVE-2025-5777 is shaping up to be every bit as serious as CitrixBleed, a vulnerability that caused havoc for end users of Citrix Netscaler appliances in 2023 and beyond as the initial breach vector for numerous high-profile incidents,” Benjamin Harris, CEO and founder of watchTowr, told Cyber Daily on 25 June.
“The details surrounding CVE-2025-5777 have quietly shifted since its initial disclosure, with fairly important prerequisites or limitations being removed from the NVD CVE description – specifically, the comment that this vulnerability was in the lesser-exposed Management Interface has now been removed – leading us to believe that this vulnerability is significantly more painful than perhaps first signalled.
“While we observe no in-the-wild exploitation as of writing, this vulnerability checks all the boxes for inevitable attacker interest. In-the-wild exploitation will happen at some point, and organisations should be dealing with this as an IT incident – exploitation is not a matter of if, but when. Patch now – this vulnerability is likely to be in your KEV feeds soon.”
Security researcher Kevin Beaumont was even more blunt in his evaluation.
“Has this been exploited in the wild? Citrix say[s] not yet,” Beaumont said in a 24 June blog post.
“However, with CitrixBleed, they said the same thing.
“Since there is currently no detection guidance, I would recommend organisations patch, unless they want to become the detection in the wild after a security incident.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.