- Citrix has released a patch for a critical-severity bug in Citrix NetScaler ADC and Gateway instances
- Independent researchers dubbed it “CitrixBleed 2” because of its similarities to the 2023 flaw
- Users are advised to patch as soon as possible
Hackers are actively exploiting a critical-severity vulnerability in Citrix NetScaler ADC and Gateway instances to hijack user sessions and gain access to target environments, the company has disclosed.
The bug is described as an insufficient input validation vulnerability that leads to a memory over-read when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. It is tracked as CVE-2025-5777 and was given a severity score of 9.3/10, critical.
The flaw affects Citrix NetScaler ADC and NetScaler Gateway versions 14.1 before 47.46, and 13.1 before 59.19.
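An added triage helper, not from the article or from Citrix, that checks an inventory of NetScaler version strings against the fixed builds named above. The version-string formats it accepts and the fixed-build table are assumptions to confirm against the vendor advisory before relying on the result.

```python
import re

# Fixed builds as summarised above: release train -> first build that carries the fix.
# Constructed for this example; verify against the vendor advisory.
FIXED_BUILDS = {
    "14.1": (47, 46),
    "13.1": (59, 19),
}

# Accepts both a short "14.1-47.46" form and the longer "NS14.1: Build 47.46.nc" form
# (assumed formats; adjust the pattern if your inventory records versions differently).
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)[:\s-]+(?:Build\s+)?(\d+)\.(\d+)", re.IGNORECASE)


def assess(version_string):
    """Return 'fixed', 'vulnerable', 'unlisted' (release train not in the table) or 'unknown'."""
    m = _VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    release = m.group(1)
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return "unlisted"
    # Builds at or above the fixed build are patched; anything earlier on the train is not.
    return "fixed" if build >= fixed else "vulnerable"


def triage(inventory):
    """Map each (hostname, version string) pair to its assessment."""
    return {host: assess(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("ns-edge-01", "NetScaler NS14.1: Build 47.45.nc, Date: Jan 1 2025"),
        ("ns-edge-02", "14.1-47.46"),
        ("ns-lab-01", "13.1-58.32"),
        ("ns-old-01", "12.1-55.1"),
    ]
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```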
CitrixBleed 2
According to security researchers at ReliaQuest, the vulnerability is already being exploited in the wild to grant attackers initial access.
“Unlike session cookies, which are often linked to short-term browser sessions, session tokens are generally used in broader authentication frameworks, such as API calls or persistent application sessions,” the researchers explained.
In addition to publicly disclosing the vulnerability, Citrix has also released a fix and urges users to apply it as soon as possible.
At the same time, independent analyst Kevin Beaumont says the bug resembles CitrixBleed, one of the most serious Citrix vulnerabilities discovered in recent years.
That too was a critical flaw, widely exploited in late 2023, when various threat actors targeted government agencies, banks and healthcare providers. Among those abusing it was LockBit, one of the most dangerous ransomware operators in existence.
Because of the similarities, Beaumont dubbed the flaw “CitrixBleed 2”.
Around the same time, Citrix also disclosed that it had addressed two additional flaws: a high-severity access control issue and a memory overflow vulnerability.
The first has a severity score of 8.7 and affects versions 14.1 before 43.56 and 13.1 before 58.32. The latter, with a severity score of 9.2, is tracked as CVE-2025-6543 and leads to unintended control flow and denial of service on NetScaler ADC and NetScaler Gateway when configured as a Gateway.
Via Infosecurity Magazine