Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances.

The first of the two security flaws (tracked as CVE-2025-5777 and dubbed Citrix Bleed 2) enables threat actors to bypass authentication by hijacking user sessions, while the second (CVE-2025-6543) is now actively exploited in denial-of-service attacks.

"There's an issue related to authentication that you may observe after upgrading NetScaler to build 14.1 47.46 or 13.1 59.19," the company explains in an advisory that also warns admins to immediately patch their appliances against the two critical security vulnerabilities.

This happens because, starting with NetScaler 14.1.47.46 and 13.1.59.19, the Content Security Policy (CSP) header, which mitigates risks associated with cross-site scripting (XSS), code injection, and other client-side attacks, is enabled by default.

However, while it is designed to block unauthorized scripts and external content from executing in the browser, the policy also inadvertently restricts legitimate scripts or resources loaded by Duo configurations based on RADIUS authentication, integrations, custom SAML setups, or other IdP configurations that do not comply with the strict CSP rules.

To temporarily address this known issue, Citrix recommends that administrators disable the default CSP header on affected NetScaler appliances (via the user interface or command line) and clear the cache to ensure that the changes take effect immediately. After disabling the CSP header, admins are also advised to access the NetScaler Gateway authentication portal to check whether the issue is resolved.
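Before switching the CSP header off entirely, an admin may want to know which of the login page's external IdP resources the policy actually blocks. The following is an added example, not Citrix or NetScaler code: it parses a CSP header value and reports which constructed Duo/SAML resource URLs (the `.invalid` hostnames and the sample policy are assumptions, not values from the advisory) would be refused under the relevant directive, honouring the `default-src` fallback.

```python
"""Report which external identity-provider resources a CSP header would block.

Added example, not Citrix/NetScaler code. Sample policy and URLs are constructed;
replace them with the header your appliance sends and the origins your Duo,
RADIUS-backed or SAML integration really loads.
"""
from urllib.parse import urlparse

# Fetch directives that fall back to default-src when absent.
FETCH_FALLBACK = {"script-src", "connect-src", "frame-src", "style-src", "img-src"}


def parse_csp(header):
    """Turn 'directive src src; directive ...' into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def source_matches(source, url):
    """Subset of CSP source-expression matching sufficient for a first diagnosis."""
    if source == "*":
        return True
    if source in ("'none'", "'self'"):
        # 'self' is the appliance's own origin; an external IdP URL never matches it.
        return False
    s = source.lower()
    u = urlparse(url)
    if s.endswith(":"):                      # scheme-source such as https:
        return u.scheme == s[:-1]
    host_src = urlparse(s if "://" in s else "//" + s)
    if host_src.scheme and host_src.scheme != u.scheme:
        return False
    host = host_src.hostname or ""
    if host.startswith("*."):                # wildcard host-source
        return (u.hostname or "").endswith(host[1:])
    return u.hostname == host


def allowed(policy, directive, url):
    """True if the URL is permitted for the directive (with default-src fallback)."""
    sources = policy.get(directive)
    if sources is None and directive in FETCH_FALLBACK:
        sources = policy.get("default-src")
    if sources is None:
        return True                          # policy does not govern this fetch
    return any(source_matches(src, url) for src in sources)


def blocked_resources(header, resources):
    """resources: list of (directive, url). Return the pairs the policy would block."""
    policy = parse_csp(header)
    return [(d, u) for d, u in resources if not allowed(policy, d, u)]


# Constructed sample: a strict default policy plus resources a Duo or SAML
# login flow typically loads from the IdP's origin.
SAMPLE_CSP = "default-src 'self'; script-src 'self'; frame-src 'self'"
IDP_RESOURCES = [
    ("script-src", "https://api-example.duosecurity.invalid/frame/v4/auth.js"),
    ("frame-src", "https://api-example.duosecurity.invalid/frame/v4/prompt"),
    ("connect-src", "https://sso.example.invalid/saml/metadata"),
]
```

Run `blocked_resources(SAMPLE_CSP, IDP_RESOURCES)` against the header captured from your own login page to see which directives would need an explicit IdP origin rather than disabling CSP outright.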
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 02 Jul 2025 16:20:20 +0000