By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions
Tech News

New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions

By admin 4 Min Read
Share
SHARE

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed “CitrixBleed 2,” after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices.

Last week, Citrix published a security bulletin warning about flaws tracked as CVE-2025-5777 and CVE-2025-5349 that impact NetScaler ADC and Gateway versions before 14.1-43.56, releases before 13.1-58.32, and also 13.1-37.235-FIPS/NDcPP and 2.1-55.328-FIPS.

The CVE-2025-5777 is a critical flaw that is caused by out-of-bounds memory read, allowing unauthenticated attacks to access portions of memory that they should not have access to.

This flaw impacts NetScaler devices that are configured as a Gateway (VPN virtual server, ICA Proxy, Clientless VPN (CVPN), RDP Proxy) or an AAA virtual server.

Cybersecurity researcher Kevin Beaumont says the flaw echoes the infamous ‘CitrixBleed’ vulnerability (CVE-2023-4966), which was extensively exploited by threat actors, including ransomware and government attacks.

Beaumont characterized CVE-2025-5777 as ‘CitrixBleed 2,’ stating that the flaw could allow attackers to potentially access session tokens, credentials, and other sensitive data from public-facing gateways and virtual servers.

Leaked tokens can be replayed to hijack user sessions and bypass multi-factor authentication (MFA).

The same security bulletin lists a second, high-severity flaw tracked as CVE-2025-5349.

This is an improper access control problem in the NetScaler Management Interface, exploitable if the attacker has access to the NSIP (NetScaler Management IP), Cluster Management IP, or Local GSLB Site IP.

To address both risks, users are recommended to install NetScaler ADC and Gateway 14.1-43.56, 13.1-58.32 and later, 13.1-NDcPP 13.1-37.235 (FIPS), and 12.1-55.328 (FIPS).

While Citrix has not stated whether these flaws are being actively exploited, they do recommend that admins terminate all active ICA and PCoIP sessions as soon as all appliances have been updated. This advice was also given by Citrix regarding the original CitrixBleed flaws.

Before killing active sessions, admins should first review existing sessions for suspicious activity using the show icaconnection command and  NetScaler Gateway > PCoIP > Connections to see PCoIP sessions.

After reviewing the active sessions, admins should then terminate them using these commands:

kill icaconnection -all
kill pcoipconnection -all

In a LinkedIn post, Mandiant CTO Charles Carmakal warns that it is essential to kill sessions after updating devices to prevent previously stolen sessions from being used even after devices are no longer vulnerable.

“Many organizations did not terminate sessions when remediating a similar vulnerability in 2023 (CVE-2023-4966 aka “Citrix Bleed”),” warns Carmakal.

“In those cases, session secrets were stolen before companies patched, and the sessions were hijacked after the patch. Many of those compromises resulted in nation-state espionage or ransomware deployment.”

The flaws also impact end-of-life ADC / Gateway 12.1 (non-FIPS) and ADC / Gateway 13.0, which will not be receiving patches. Those still using these versions should upgrade to an actively supported release as soon as possible.

Beaumont’s internet scans return over 56,500 publicly exposed NetScaler ADC and Gateway endpoints, though what percentage of those are running versions vulnerable to CVE-2025-5349 and CVE-2025-5777 is unknown.

Tines Needle

Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.

In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.

You Might Also Like

Top 3 leadership myths debunked

Adds Device Fingerprinting, PNG Steganography Payloads

Your Delivery Robot Is Here

Samsung Galaxy Tab S11 Review: It’s Time For Something New

How the World’s Largest 3D Object Library By Microsoft & NVIDIA

TAGGED: Citrix, Citrix ADC, Citrix Bleed, Citrix Gateway, Information Disclosure, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article 2025 NBA offseason trade tracker, grades: Jazz get Walter Clayton in Draft Day Trade
Next Article Everything We Know About Apple’s Foldable iPhone
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had
Celebrity
Ghost of Yōtei’s Open World is a Cut Above Its Competition
Gaming News
The best guns in the Black Ops 7 beta in early access
Gaming News
6-story office building to be converted into housing in Denver’s Capitol Hill
Business
Could Trump’s $2,000 tariff rebates for Americans stimulate an altcoin surge?
Crypto
Hegseth announces latest strike on boat near Venezuela he says was trafficking drugs
World News
Top 3 leadership myths debunked
Tech News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Patricia Routledge Net Worth: How Much Money the ‘Keeping Up With Appearances’ Star Had
October 3, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?