
CitrixBleed 2: The nightmare that echoes the ‘CitrixBleed’ flaw in Citrix NetScaler devices

  • June 26, 2025

Jasper_The_Rasper
Moderator

June 26, 2025 By Pierluigi Paganini

 

 

New Citrix flaw ‘CitrixBleed 2’ lets attackers steal session cookies without logging in, echoing a previously exploited vulnerability.

A new flaw in Citrix NetScaler ADC and Gateway, dubbed ‘CitrixBleed 2’ (CVE-2025-5777, CVSS v4.0 Base Score of 9.3), can allow unauthenticated attackers to steal session cookies, similar to a past critical exploit.

The vulnerability is an insufficient input validation issue leading to memory overread that impacts NetScaler configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

The vulnerability impacts the following supported versions of NetScaler ADC and NetScaler Gateway: 

  • NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS
  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32
  • NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP

Security researcher Kevin Beaumont highlighted similarities between CVE-2025-5777 and the vulnerability CVE-2023-4966 (aka Citrix Bleed).

 

>>Full Article<<
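
Added example, not part of the original post or of Citrix's advisory: a triage helper that checks appliance builds against the fixed builds listed above and takes the Gateway/AAA condition into account. The build-string format (`release-major.minor` with an optional `-FIPS` or `-NDcPP` suffix), the status names and the sample inventory are assumptions.

```python
import re

# First fixed build per (release, edition), copied from the list in the post.
# "fips" stands for the FIPS and NDcPP builds, "standard" for everything else.
FIXED = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),
    ("12.1", "fips"): (55, 328),
}

# Assumed input format: "<release>-<major>.<minor>[-FIPS|-NDcPP]".
_BUILD = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)


def classify(build, gateway_or_aaa):
    """Return 'affected', 'unpatched-role-not-configured', 'fixed' or 'not-listed'."""
    m = _BUILD.match(build.strip())
    if m is None:
        raise ValueError(f"unrecognised build string: {build!r}")
    release, major, minor, suffix = m.groups()
    fixed = FIXED.get((release, "fips" if suffix else "standard"))
    if fixed is None:
        # The post only lists supported releases; say nothing about the rest.
        return "not-listed"
    # Compare numerically: as strings, "9.60" would sort after "58.32".
    if (int(major), int(minor)) >= fixed:
        return "fixed"
    # The flaw applies to Gateway or AAA virtual server configurations.
    return "affected" if gateway_or_aaa else "unpatched-role-not-configured"


def triage(inventory):
    """Map each host to its status; rows are (host, build, gateway_or_aaa)."""
    return {host: classify(build, role) for host, build, role in inventory}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("ns-edge-01", "14.1-43.9", True),
    ("ns-edge-02", "14.1-43.56", True),
    ("ns-lb-03", "13.1-9.60", False),
    ("ns-fips-04", "13.1-37.234-FIPS", True),
    ("ns-old-05", "13.0-92.21", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A `not-listed` result means only that the release is absent from the list in the post; it says nothing about whether that release is vulnerable.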