Cybersecurity experts have raised alarms about CVE-2025-5777, a newly discovered vulnerability in Citrix NetScaler ADC and Gateway that allows threat actors to capture session tokens by exploiting insufficient input validation. The flaw could mirror the catastrophic Citrix Bleed incident, which previously led to widespread exploitation by ransomware gangs. Citrix has urged all affected customers to upgrade their systems immediately and recommends terminating active sessions after upgrading, so that any tokens captured before the patch cannot be reused. A second vulnerability, CVE-2025-5349, involving improper access controls, was also addressed in Citrix’s security bulletin.
Cybersecurity experts are warning Citrix NetScaler operators to swiftly patch a vulnerability, CVE-2025-5777, that could lead to an incident reminiscent of Citrix Bleed.
The vulnerability allows attackers to steal session tokens through malicious requests, bypassing authentication and posing significant risks to affected systems.