U.S. cybersecurity agency CISA says hackers are actively exploiting a critical-rated security flaw in a widely used Citrix product, and has given other federal government departments just one day to patch their systems.
Security researchers have dubbed the bug “Citrix Bleed 2” for its similarity to a 2023 security flaw in Citrix NetScaler, a networking product that large companies and governments rely on to let their staff remotely access apps and other resources on their internal networks. Much like the earlier bug, Citrix Bleed 2 can be remotely exploited to extract sensitive credentials from an affected NetScaler device, giving the hackers broader access to a company’s wider network.
In an alert on Thursday, CISA said it had evidence that the bug was being actively used in hacking campaigns, adding to the raft of research and findings pointing to widespread exploitation, with some reporting hacks dating back as far as mid-June. Akamai said it saw a “drastic increase” in efforts to scan the internet for affected devices after details of the NetScaler exploit were published earlier this week.
CISA said the NetScaler bug poses a “significant risk” to the federal government’s systems, and ordered federal government agencies to patch any Citrix device affected by the bug by Friday.
For its part, Citrix has not yet acknowledged that the vulnerability is being exploited. The company’s security advisory urges customers to update affected devices as soon as possible.
Citrix representatives did not respond to TechCrunch’s request for comment.