Citrix Devices Hit by Hackers Weeks Before Patch Released

Hackers began exploiting a critical vulnerability in Citrix NetScaler, known as CitrixBleed 2, nearly two weeks before a public proof-of-concept became available. Researchers observed suspicious activity targeting Citrix devices as early as June 23, well ahead of the July 4 PoC release. The flaw, tracked as CVE-2025-5777, allows attackers to extract sensitive data from memory by sending malformed DTLS packets.

The vulnerability, rated 9.8 on the CVSS scale, stems from improper bounds checking in the SSL module. Malicious traffic, traced to Chinese IPs, precisely targeted Citrix devices using crafted DTLS handshake sequences. Analysts confirmed exploitation by capturing packet data and identifying repeated memory overreads.

On July 9, CISA added the flaw to its Known Exploited Vulnerabilities catalog and urged immediate patching. Security teams should apply Citrix’s fix and monitor for abnormal DTLS traffic.

Read the full article at: https://cybersecuritynews.com/citrixbleed-2-vulnerability-exploited-2/
