Almost 1,289 Citrix NetScaler ADC and NetScaler Gateway servers remain at risk of intrusion through the critical out-of-bounds memory read vulnerability CVE-2025-5777, dubbed "Citrix Bleed 2", while 2,100 instances remain exposed to the critical memory overflow issue tracked as CVE-2025-6543, even after fixes for both were released last week, according to Cyber Security News.
Most of the susceptible servers are in the U.S. and Germany, The Shadowserver Foundation reported. The finding follows ReliaQuest's observation that Citrix Bleed 2, which stems from inadequate input validation and can be leveraged to expose authentication data, has already been exploited to take over Citrix web sessions. Citrix has also confirmed attacks involving CVE-2025-6543 against unpatched NetScaler instances. Organizations have been urged not only to upgrade their NetScaler ADC and NetScaler Gateway servers promptly but also to terminate all active sessions afterwards with the "kill icaconnection -all" and "kill pcoipConnection -all" commands, since sessions established before the upgrade may already have been hijacked.