

Ethical Hacking News

CitrixBleed 2: A New Nightmare for Citrix NetScaler Devices



CitrixBleed 2, a new vulnerability discovered by security researcher Kevin Beaumont, has left many in the cybersecurity community on high alert. The vulnerability allows unauthenticated attackers to steal session cookies without logging in, just as its predecessor did. This article provides a detailed analysis of the vulnerability and offers guidance on how organizations can mitigate the risk associated with CitrixBleed 2.

  • Unauthenticated attackers can steal session cookies using the CitrixBleed 2 vulnerability (CVE-2025-5777)
  • Vulnerable devices: Citrix NetScaler ADC and Gateway, affecting multiple versions
  • Risk: stolen session tokens can be replayed to hijack sessions and bypass MFA
  • Patch recommendations: Update to the latest fixed versions and terminate active sessions
  • Organizations should stay vigilant about cybersecurity threats and prioritize their security posture



    CitrixBleed 2, a new vulnerability discovered by security researcher Kevin Beaumont, has left many in the cybersecurity community on high alert. The vulnerability, which is similar to the previously exploited "CitrixBleed" flaw (CVE-2023-4966), allows unauthenticated attackers to steal session cookies without logging in, just as its predecessor did.

    The Citrix NetScaler ADC and Gateway devices, which are commonly used for remote access in large organizations, are particularly vulnerable to this exploit. The vulnerability is attributed to an insufficient input validation issue that leads to a memory overread, allowing attackers to read sensitive information from these devices. This could potentially lead to the theft of session tokens, which can be replayed to steal Citrix sessions and bypass multi-factor authentication (MFA).

    Beaumont's thorough analysis revealed that the vulnerability affects multiple versions of NetScaler ADC and Gateway, including 12.1-FIPS before 12.1-55.328-FIPS, 14.1 before 14.1-43.56, 13.1 before 13.1-58.32, and 13.1-FIPS and NDcPP before 13.1-37.235-FIPS and NDcPP. This widespread impact has left many organizations scrambling to assess the severity of the vulnerability and take immediate action to mitigate the risk.

    The discovery of CitrixBleed 2 serves as a stark reminder of the importance of keeping software up-to-date and patching vulnerabilities in a timely manner. As security researcher Beaumont aptly noted, "It's back like Kanye West returning to Twitter about two years later, this time as CVE-2025-5777." The similarity between these two vulnerabilities highlights the need for organizations to stay vigilant and proactive when it comes to cybersecurity.

    In addition to CitrixBleed 2, another high-severity vulnerability (CVE-2025-5349) has been identified in NetScaler's management interface. This issue is due to improper access control and can be exploited by an attacker who gains access to the NSIP, Cluster IP, or Local GSLB IP.

    Citrix credits Positive Technologies and ITA MOD CERT for their contributions to identifying these vulnerabilities, but the specific discoverer of CVE-2025-5777 remains unclear. Organizations should take immediate action to address these vulnerabilities and protect themselves against potential attacks.

    To mitigate the risk associated with CitrixBleed 2, security experts recommend that organizations update their NetScaler appliances to the latest fixed versions. In addition, users should terminate all active ICA and PCoIP sessions for full risk mitigation after upgrading their devices.
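
An added example (not from the original article or from Citrix): a Python inventory check that flags builds older than the fixed versions the article lists. It assumes builds are recorded in the article's own `release-build` notation; the hostnames and builds in the sample are constructed, and branches the article does not list are reported as `not-listed` for manual review.

```python
import re

# First fixed build per branch, exactly as listed in the article.
# Key: (release, is FIPS/NDcPP build) -> (build major, build minor)
FIXED = {
    ("14.1", False): (43, 56),
    ("13.1", False): (58, 32),
    ("13.1", True): (37, 235),
    ("12.1", True): (55, 328),
}

# Assumed notation, matching the article: "13.1-58.32" or "13.1-37.235-FIPS".
BUILD_RE = re.compile(r"^\s*(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?\s*$", re.I)


def assess(build):
    """Classify one build string as vulnerable, fixed, not-listed or unparsed."""
    m = BUILD_RE.match(build)
    if not m:
        return "unparsed"
    release, flavour = m.group(1), m.group(4)
    fixed = FIXED.get((release, flavour is not None))
    if fixed is None:
        return "not-listed"  # the article names no fixed build for this branch
    # Tuple comparison orders 43.50 < 43.56 < 47.46 numerically, not as strings.
    return "vulnerable" if (int(m.group(2)), int(m.group(3))) < fixed else "fixed"


def triage(inventory):
    """Group hostnames by assessment so vulnerable and unknown ones stand out."""
    report = {}
    for host, build in sorted(inventory.items()):
        report.setdefault(assess(build), []).append(host)
    return report


# Constructed sample inventory: hostnames and builds are made up for illustration.
SAMPLE = {
    "gw-emea-01": "14.1-43.50",
    "gw-emea-02": "14.1-47.46",
    "adc-core-01": "13.1-57.26",
    "adc-fips-01": "13.1-37.235-FIPS",
    "adc-old-01": "12.1-65.21",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:11} {', '.join(hosts)}")
```

A host that moves to `fixed` through an upgrade still needs its active ICA and PCoIP sessions terminated, as recommended above.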

    The discovery of CitrixBleed 2 serves as a wake-up call for organizations to reassess their cybersecurity posture and take proactive measures to protect themselves against emerging threats. By staying informed and taking immediate action, organizations can minimize the risks associated with this vulnerability and ensure the continued security and integrity of their systems.

    In conclusion, CitrixBleed 2 is a critical vulnerability that highlights the importance of staying vigilant in the ever-evolving landscape of cybersecurity threats. As security researchers continue to identify and analyze new vulnerabilities, it is essential for organizations to prioritize their cybersecurity posture and take proactive measures to protect themselves against emerging threats.





  • Published: Thu Jun 26 03:44:58 2025 by llama3.2 3B Q4_K_M












