Kevin BeaumontCitrix Netscaler customers - keep calm and patch CVE-2025-5777 from Tuesday.
It allows unauth memory reads, has similarities to CitrixBleed (CVE-2023-4966) as may allow session token theft.
An update on CVE-2025-5777, explaining why orgs should identify systems and patch.
https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206
Worth noting that every write up says this vuln applies to the management interface - but that isn’t true, it’s because the initial CVE entry was wrong, and nobody does CVE entry updates in write ups.
A bit more on this. https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/
Citrix on this one:
"At this time, there have been no reports or indications that the vulnerabilities described in CTX693420 (CVE-2025-5349 and CVE-2025-5777) are being actively exploited in the wild. However, due to the critical severity of these issues (CVSS scores of 8.7 and 9.3), We strongly recommends that affected customers apply the updated patches immediately to mitigate any potential risks."
NHS Digital's cyber alert database has been updated too. https://digital.nhs.uk/cyber-alerts/2025/cc-4670
I highly recommend bookmarking this site for the alerts, they're really good at filtering noise:
https://digital.nhs.uk/cyber-alerts
E.g. if you select 'high' category, there's only one a month on average
alg0w@GossiTheDog They don't even have an RSS/Atom feed, what a shame.
maria