Intrusion PreventionCitrix.NetScaler.ADC.Gateway.startwebview.Out-of-Bounds.Read
Description
This indicates an attack attempt to exploit an Out-of-Bounds Read Vulnerability in Citrix NetScaler ADC and NetScaler Gateway.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted request. A remote attacker can exploit this to gain unauthorized access to sensitive information.
Outbreak Alert
FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has surged to over 6,000 detections across IPS sensors globally. The majority of observed attacks are concentrated in the United States, Australia, Germany, and the United Kingdom, with adversaries primarily focusing on high-value sectors such as technology, banking, healthcare, and education.
Affected Products
Citrix NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-43.56
Citrix NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-58.32
Citrix NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.235-FIPS and NDcPP
Citrix NetScaler ADC 12.1-FIPS prior to 12.1-55.328-FIPS
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 58380 |
| Created | Jul 02, 2025 |
| Updated | Jul 29, 2025 |
| CVE ID | |
| Tags | Citrix Bleed 2 Threat Signal |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 72.0% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |
| Profile Type | Buffer Errors |