Business Honor
28 June, 2025
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and Gateway and is urging customers to update to prevent session hijacking.
Citrix has fixed a severe flaw in its NetScaler ADC and Gateway products, CVE-2025-5777, which researchers have dubbed "Citrix Bleed 2." The bug is an out-of-bounds memory read that lets unauthenticated attackers read sensitive regions of memory, potentially exposing session tokens, credentials, and other sensitive data on public-facing gateways and virtual servers. With a stolen session token, an attacker can bypass multi-factor authentication (MFA), hijack the user's session, and thereby compromise the Citrix environment.
Although no cases of active exploitation had been reported since Citrix issued a patch for the vulnerability on June 17, 2025, recent security research from ReliaQuest indicates that targeted attacks are already exploiting it. ReliaQuest has observed attackers using stolen session tokens to take over Citrix web sessions, evade MFA, and conduct Active Directory reconnaissance, which lets them map users, groups, and permissions.
Citrix has asked affected customers to update to the current firmware versions (14.1-43.56 and later, 13.1-58.32 and later, and 13.1-37.235 and later for 13.1-FIPS/NDcPP) to remediate the vulnerability. After updating, administrators are also advised to terminate all ICA and PCoIP sessions to avoid the risk of session hijacking; Citrix recommends reviewing active sessions for unusual behavior before terminating them.
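A practical first step in responding to this advisory is checking an inventory of NetScaler appliances against the fixed builds quoted above. The following script is an added example written for this article, not Citrix's code or tooling: it parses a version string, either in the advisory's "14.1-43.56" notation or in the "NS14.1: Build 43.56.nc" form assumed here to resemble the CLI's version banner, and classifies the appliance as patched, vulnerable, or unknown. Because 13.1-FIPS/NDcPP builds share the "13.1" branch number but have their own fixed build (13.1-37.235), the caller must flag those appliances explicitly; the version string alone is assumed not to reveal it. Branches the article does not list are reported as "unknown-branch" for manual review rather than guessed at, and the host names in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# First fixed builds, taken from the advisory as quoted in the article.
# Key: (release branch, is_fips_or_ndcpp) -> (build major, build minor).
FIXED_BUILDS: Dict[Tuple[str, bool], Tuple[int, int]] = {
    ("14.1", False): (43, 56),
    ("13.1", False): (58, 32),
    ("13.1", True): (37, 235),   # 13.1-FIPS / 13.1-NDcPP stream
}

# Accepts "14.1-43.56" (advisory notation) or "NS14.1: Build 43.56.nc"
# (assumed shape of the appliance's version banner).
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<branch>\d+\.\d+)[:\s-]+(?:Build\s+)?(?P<build>\d+\.\d+)"
)


def parse_version(text: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Return (branch, (build_major, build_minor)) or None if unrecognised."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    major, minor = (int(part) for part in match.group("build").split("."))
    return match.group("branch"), (major, minor)


def assess(version_text: str, fips_ndcpp: bool = False) -> str:
    """Classify one appliance's firmware against the CVE-2025-5777 fixed builds.

    Build numbers are compared numerically, so 43.100 correctly ranks above
    43.56 (a plain string comparison would get this wrong).
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparseable"
    branch, build = parsed
    fixed = FIXED_BUILDS.get((branch, fips_ndcpp))
    if fixed is None:
        # The article lists no fixed build for this branch; do not guess.
        return "unknown-branch"
    return "patched" if build >= fixed else "vulnerable"


def triage(inventory: List[Tuple[str, str, bool]]) -> Dict[str, str]:
    """Map each (host, version string, fips_ndcpp flag) to its assessment."""
    return {host: assess(version, fips) for host, version, fips in inventory}


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY: List[Tuple[str, str, bool]] = [
    ("gw-edge-01", "NetScaler NS14.1: Build 43.56.nc", False),
    ("gw-edge-02", "NetScaler NS14.1: Build 43.50.nc", False),
    ("adc-core-01", "13.1-58.32", False),
    ("adc-fips-01", "13.1-37.235", True),
    ("adc-fips-02", "13.1-37.100", True),
    ("adc-legacy-01", "12.1-55.300", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

Anything reported as "vulnerable" should be scheduled for the firmware update, followed by the session termination step the advisory calls for; "unknown-branch" and "unparseable" entries need a manual look rather than being assumed safe.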
Asked about active exploitation, Citrix responded: "There is no indication to suggest exploitation of CVE-2025-5777 currently." Separately, another severe vulnerability in Citrix's products, CVE-2025-6543, is already being exploited for denial-of-service (DoS) attacks. As an interim measure for customers unable to install the security patches promptly, Citrix recommends blocking external access to NetScaler with network ACLs or firewall policies until the update can be applied.