Kevin BeaumontJun 20, 2025

Citrix Netscaler customers - keep calm and patch CVE-2025-5777 from Tuesday.

It allows unauth memory reads, has similarities to CitrixBleed (CVE-2023-4966) as may allow session token theft.

Show threadKevin BeaumontJun 24, 2025

An update on CVE-2025-5777, explaining why orgs should identify systems and patch.

https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206

CitrixBleed 2: Electric Boogaloo — CVE-2025–5777 - DoublePulsar

Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023–4966 You may have missed it, as the original CVE on 17th June 2025 referred…

DoublePulsar
Show threadKevin BeaumontJun 24, 2025
Worth noting that every write up says this vuln applies to the management interface - but that isn’t true, it’s because the initial CVE entry was wrong, and nobody does CVE entry updates in write ups.
Show threadKevin BeaumontJun 25, 2025
A bit more on this. https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack

: Why are you even reading this story? Patch now!

The Register
Show threadfuzzyfuzzyfungus

@GossiTheDog I hope nobody is still misled by the pre-correction CVE into thinking that this is just a 'mitigate by controlling access to management interface like you should probably do anyway' thing that they can just defer to lower priority maintenance.

Relatively severe either way; but that teensy little correction was not loud enough for how dramatically an otherwise plausible mitigation turned out to be useless.

Jun 25, 2025 at 12:37pmWeb