CISA warns hackers are actively exploiting critical CitrixBleed 2




  • CitrixBleed 2 was discovered in mid-June 2025
  • But there were quickly reports of abuse in the wild
  • CISA is now urging FCEB agencies to patch immediately

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CitrixBleed 2 to its Known Exploited Vulnerabilities (KEV) catalog, alerting Federal Civilian Branch Agencies (FCEB), as well as other businesses, that the bug is being actively exploited in the wild.

On July 10, CISA added CVE-2025-5777 to the catalog – a critical-severity (9.3/10) insufficient input validation vulnerability that leads to memory overread. It affects Citrix NetScaler ADC and NetScaler Gateway devices, versions 14.1 and before 47.46, and from 13.1 and before 59.19.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *