
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

By user, July 11, 2025

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw affecting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming that the vulnerability has been weaponized in the wild.

The flaw in question is CVE-2025-5777 (CVSS score: 9.3), a case of insufficient input validation that an attacker can exploit to bypass authentication when the appliance is configured as a Gateway or an AAA virtual server. It is also known as Citrix Bleed 2 due to its similarity to Citrix Bleed (CVE-2023-4966).

“The Citrix Netscaler ADC and Gateway contain out-of-range read vulnerabilities due to insufficient input validation,” the agency said. “This vulnerability can lead to memory overreads when Netscaler is configured as a Gateway (VPN Virtual Server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.”


Since then, several security vendors have reported that the flaw has been exploited in real-world attacks, but Citrix has yet to update its own advisory to reflect this. As of June 26, 2025, Anil Shetty, Senior Vice President of Engineering at NetScaler, said “There is no evidence to suggest the exploitation of CVE-2025-5777.”

However, security researcher Kevin Beaumont said in a report published this week that Citrix Bleed 2 exploitation dates back to mid-June, with one of the IP addresses carrying out the attacks being previously linked to Ransomhub ransomware activity.

GreyNoise data shows exploitation attempts coming from 10 unique malicious IP addresses in Bulgaria, the US, China, Egypt and Finland over the past 30 days. The main targets of these efforts are the US, France, Germany, India and Italy.

The addition of CVE-2025-5777 to the KEV catalog follows that of another flaw in the same product (CVE-2025-6543, CVSS score: 9.2), which CISA added to its KEV catalog on June 30, 2025.

The term “Citrix Bleed” is used because the memory leak can be triggered repeatedly by sending the same payload, with each attempt effectively “bleeding” sensitive information.

“This flaw can have disastrous consequences considering that the affected devices can be configured as VPNs, proxies, or AAA virtual servers. It allows for the disclosure of session tokens and other sensitive data.”

These appliances often act as centralized entry points for enterprise networks, allowing attackers to pivot from stolen sessions to single sign-on portals, cloud dashboards, or privileged management interfaces. This type of lateral movement, where a foothold immediately becomes complete network access, is particularly dangerous in hybrid IT environments with weak internal segmentation.

To mitigate this flaw, organizations must immediately upgrade to the patched builds listed in Citrix’s June 17 advisory, including versions 14.1-43.56 or later. After patching, all active sessions, especially those authenticated via AAA or Gateway, must be terminated to invalidate any stolen tokens.

Administrators are also advised to inspect logs (such as ns.log) for suspicious requests to authentication endpoints such as /p/u/doauthentication.do and to check responses for unexpected XML data such as fields. Because the vulnerability is a memory overread, it leaves no traces of traditional malware, making token hijacking and session replay the most urgent concerns.
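One way to run the log check described above, as an added example that is not from the article or from Citrix. The line layout (timestamp, client IP, method, path), the threshold and window, and the sample lines are assumptions constructed for illustration, not the real ns.log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoint named in the article; compared case-insensitively.
AUTH_PATH = "/p/u/doauthentication.do"
# ASSUMED layout: ISO timestamp, client IP, method, path. Adapt to your own logs.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)")

# Constructed sample lines (documentation-range IPs), not real appliance output.
SAMPLE_LOG = """\
2025-07-01T10:00:00 203.0.113.20 POST /p/u/doAuthentication.do
2025-07-01T10:00:01 198.51.100.7 POST /p/u/doauthentication.do
2025-07-01T10:00:02 198.51.100.7 POST /p/u/doauthentication.do
2025-07-01T10:00:03 198.51.100.7 POST /p/u/doauthentication.do
2025-07-01T10:00:04 198.51.100.7 POST /p/u/doauthentication.do
2025-07-01T10:00:05 198.51.100.7 POST /p/u/doauthentication.do
2025-07-01T10:00:06 198.51.100.7 POST /p/u/doauthentication.do
2025-07-01T10:03:00 203.0.113.20 POST /p/u/doAuthentication.do
2025-07-01T10:06:00 203.0.113.20 GET /index.html
truncated line
"""

def flag_repeated_auth_requests(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak_count} for clients that hit AUTH_PATH at least
    `threshold` times inside any sliding `window`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, ip, _method, path = m.groups()
        if path.split("?")[0].lower() == AUTH_PATH:
            hits[ip].append(datetime.fromisoformat(ts))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    for ip, count in flag_repeated_auth_requests(SAMPLE_LOG).items():
        print(f"{ip}: {count} auth requests within 60s")
```

A flagged client is a lead for review, not proof of exploitation; sessions tied to it are candidates for the forced termination described above.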


The development follows reports of active exploitation of a critical security vulnerability in OSGeo GeoServer GeoTools (CVE-2024-36401, CVSS score: 9.8) to deploy NetCat and the XMRig cryptocurrency miner in attacks targeting South Korea, using PowerShell and shell scripts. CISA added the flaw to its KEV catalog in July 2024.

“Threat actors target environments with vulnerable Geoserver installations, including Windows and Linux, and have NetCat and Xmrig Coin Miner installed,” says Ahnlab.

“When Coin Miner is installed, it uses the system’s resources to mine the threat actor’s Monero coins. Threat actors can use the installed NetCat to perform a variety of malicious behaviors, including installing other malware and stealing information from the system.”
