CyberSecurityBoard
Sponsor Register Login

Over 28,200 Citrix instances vulnerable to actively exploited RCE bug

A critical security vulnerability affecting over 28,200 Citrix instances worldwide has been actively exploited by threat actors, raising significant concerns in the cybersecurity community. The flaw, identified as CVE-2023-4965, is a remote code execution (RCE) bug that allows attackers to execute arbitrary code on vulnerable Citrix Application Delivery Controller (ADC) and Citrix Gateway devices. This vulnerability is particularly dangerous as it can be exploited without authentication, enabling attackers to gain full control over affected systems. Citrix, a leading company in application delivery and security solutions, has issued patches and urged users to update their systems immediately to mitigate the risk. The vulnerability has been actively exploited in the wild, with multiple attack campaigns targeting unpatched devices. Security researchers have observed increased scanning activity and exploitation attempts, highlighting the urgency for organizations to apply the necessary updates. The exploitation of CVE-2023-4965 can lead to severe consequences, including data breaches, ransomware deployment, and lateral movement within corporate networks. Attack groups are leveraging this vulnerability to gain initial access and establish persistent footholds. Organizations using Citrix ADC and Gateway products are advised to conduct thorough security assessments, monitor network traffic for suspicious activity, and implement additional security controls such as network segmentation and multi-factor authentication. This incident underscores the critical importance of timely patch management and proactive cybersecurity measures. As cyber threats continue to evolve, organizations must remain vigilant and prioritize the security of their infrastructure to prevent exploitation of known vulnerabilities. The cybersecurity community continues to monitor the situation closely and provide updates on mitigation strategies and threat actor tactics.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 27 Aug 2025 16:55:17 +0000


Cyber News related to Over 28,200 Citrix instances vulnerable to actively exploited RCE bug

CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
8 years ago
CVE-2021-47100 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
2 years ago Bleepingcomputer.com CVE-2023-4966 LockBit
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Over 28,200 Citrix instances vulnerable to actively exploited RCE bug - A critical security vulnerability affecting over 28,200 Citrix instances worldwide has been actively exploited by threat actors, raising significant concerns in the cybersecurity community. The flaw, identified as CVE-2023-4965, is a remote code ...
3 months ago Bleepingcomputer.com CVE-2023-4965
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
2 years ago Bleepingcomputer.com CVE-2023-4966 LockBit
CVE-2024-35292 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
1 year ago Tenable.com
CVE-2024-43647 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
1 year ago
Over 1,200 Citrix servers unpatched against critical auth bypass flaw - While Citrix has yet to confirm that this security flaw is being exploited in the wild, saying that "currently, there is no evidence to suggest exploitation of CVE-2025-5777," cybersecurity firm ReliaQuest reported on Thursday with medium confidence ...
5 months ago Bleepingcomputer.com CVE-2025-5777
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
1 year ago Bleepingcomputer.com CVE-2023-6548 CVE-2023-6549 CVE-2024-0519
Two more Citrix NetScaler bugs exploited in the wild The Register - Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. CVE-2023-6548 could allow remote code execution in the appliances' management interface. It ...
1 year ago Go.theregister.com CVE-2023-6548 CVE-2023-6549
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’ | The Record from Recorded Future News - The bug affects Citrix Netscaler ADC and Netscaler Gateway appliances and the company said exploitation of the vulnerability “on unmitigated appliances have been observed.” Since that advisory, multiple incident responders have warned that the ...
4 months ago Therecord.media CVE-2025-5777
HHS warns of 'Citrix Bleed' attacks after hospital outages - The U.S. Department of Health and Human Services is warning hospitals and healthcare facilities across the country to patch a vulnerability known as "Citrix Bleed" that is being used in attacks by ransomware gangs. For weeks, cybersecurity experts ...
2 years ago Therecord.media CVE-2023-4966 LockBit
Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
2 years ago Bleepingcomputer.com CVE-2023-4966 LockBit
CVE-2019-13945 - A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All ...
5 years ago
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks - Security researcher Kevin Beaumont has previously stated that repeated POST requests to /doAuthentication.do in NetScaler logs is a good indication that someone is attempting to exploit the flaw, especially when the request includes a Content-Length: ...
4 months ago Bleepingcomputer.com CVE-2025-5777
Citrix warns of new Netscaler zero-days exploited in attacks - Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. The two zero-days impact the Netscaler management interface and expose unpatched ...
1 year ago Bleepingcomputer.com CVE-2023-4966
Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
2 years ago Bleepingcomputer.com CVE-2023-4966
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately - Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The company patched this critical sensitive information disclosure flaw two weeks ago, ...
2 years ago Bleepingcomputer.com CVE-2023-4966 Rocke
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
2 years ago Bleepingcomputer.com CVE-2023-4966 CVE-2023-3966
US Health Dept Urges Hospitals to Patch Critical 'Citrix Bleed' Vulnerability - This week, the US Department of Health and Human Services has warned hospitals of the critical 'Citrix Bleed' Netscaler vulnerability that has been exploited by threat actors in cyberattacks. On Thursday, the department's security team, Health Sector ...
1 year ago Cysecurity.news CVE-2023-4966
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
Critical Citrix Bleed 2 flaw now likely exploited in attacks - "While no public exploitation of CVE-2025-5777, dubbed "Citrix Bleed 2," has been reported, ReliaQuest assesses with medium confidence that attackers are actively exploiting this vulnerability to gain initial access to targeted environments," warns ...
5 months ago Bleepingcomputer.com CVE-2025-5777
Citrix Bleed 2 flaw now believed to be exploited in attacks - "While no public exploitation of CVE-2025-5777, dubbed "Citrix Bleed 2," has been reported, ReliaQuest assesses with medium confidence that attackers are actively exploiting this vulnerability to gain initial access to targeted environments," warns ...
5 months ago Bleepingcomputer.com CVE-2025-5777

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)