CitrixBleed-ing Again? NetScaler Vulnerability Under Attack
Attackers wasted little time targeting the latest memory disclosure flaw in Citrix's NetScaler products, after researchers published a proof-of-concept exploit (PoC).
Explore the latest Citrix security updates, vulnerabilities, and best practices. Stay informed on protecting your Citrix environment with our insights.
Search across headline titles and summaries.
Background for this topic.
Citrix delivers virtualization and remote access platforms that enable users to run applications and desktops hosted on centralized servers. These technologies support remote work by providing virtualized environments accessible from various devices, often serving as gateways to internal corporate networks. Key components include virtual apps, desktops, and networking tools that facilitate secure connections to enterprise resources.
Citrix environments are critical security targets because vulnerabilities can allow attackers to bypass authentication, execute remote code, or escalate privileges, potentially leading to broader network compromise. Security risks increase with misconfigurations or delayed patching of known flaws. Defenders should prioritize timely updates, enforce strong multi-factor authentication, and monitor remote sessions for unusual activity to reduce exposure to exploitation attempts targeting Citrix infrastructure.
Weekly headline count for the current query.
Attackers wasted little time targeting the latest memory disclosure flaw in Citrix's NetScaler products, after researchers published a proof-of-concept exploit (PoC).
The same APT hammered critical bugs in Citrix NetScaler (CVE-2025-5777) and the Cisco Identity Service Engine (CVE-2025-20337) in a sign of growing adversary interest in identity and access management systems.
The flaw is one of three that the company disclosed affecting its NetScaler ADC and NetScaler Gateway technologies.
Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.
Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
The unpatched security vulnerability, which doesn't have a CVE yet, is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.
The flaw was nearly identical to last year's CitrixBleed flaw, though not as severe.
The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change's backup strategy failed.
These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed."
A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.
Citrix ADM vulnerabilities could lead to admin password reset and disruption of ADM license service, company warns.
Compromised routers, VPNs, and NAS devices from Cisco, Citrix, Pulse, Zyxel, and others are all being used as part of an extensive cyber espionage campaign.
Company launches cloud delivered, Zero Trust Network Access solution that protects all apps, data and devices, enabling secure work from anywhere.