Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
6 Articles
CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway
On June 23, 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. CVE-2025-5777, originally disclosed on June 17, is a critical-severity out-of-bounds read caused by insufficient input validation. It has been labeled …
MFA? Irrelevant. CitrixBleed 2 Lets Hackers Take Over Without Logging In
Citrix has disclosed two high-impact vulnerabilities—CVE-2025-5777 (dubbed CitrixBleed 2) and CVE-2025-5349—affecting NetScaler ADC and Gateway appliances. These flaws, particularly CitrixBleed 2, enable unauthenticated attackers to extract sensitive session data directly from memory, potentially allowing for complete session hijacking, MFA bypass, and unauthorized access to enterprise networks.
Understanding the Vulnerabilities
CVE-2025-5777 – …


Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January
Researchers uncover weak encryption in SAP user interface for Windows and Java - SiliconANGLE
SAP SE today addressed two newly disclosed vulnerabilities in its SAP Graphical User Interface client applications following their discovery in coordinated research by Pathlock Inc. and Fortinet Inc. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056, involved weak or absent encryption in the input history function of SAP GUI for Windows and SAP GUI for Java, […]
SAP GUI flaws expose sensitive data via weak or no encryption
SAP GUI, a trusted interface for hundreds of thousands of global enterprises, has been found to be storing sensitive user data with outdated encryption, potentially allowing data breaches. According to Pathlock researcher Jonathan Stross and Fortinet’s Julian Petersohn, a couple of information disclosure vulnerabilities affect the product’s user input history feature in its Windows (CVE-2025-0055) and Java (CVE-2025-0056) versions. The newly dis…