Vulnerability Analysis

Citrix Bleed 2 Implications: What CVE-2024-6235 Means for NetScaler Operators

CVE-2024-6235 was the follow-up to the original Citrix Bleed and exposed sensitive data from NetScaler ADC and Gateway appliances. The technical details, and what changes for operators.

Aisha Rahman
Senior Researcher

CVE-2024-6235, informally referred to as Citrix Bleed 2, was disclosed by Cloud Software Group in mid-2024 as a high-severity information disclosure vulnerability in NetScaler ADC and NetScaler Gateway appliances. The naming was inevitable: the vulnerability echoed the structure of the original Citrix Bleed, CVE-2023-4966, which had caused widespread breaches in late 2023. The follow-up is worth examining because the response pattern showed both improvements over the original and persistent failures that should concern any team operating NetScaler infrastructure.

This post covers the technical details, the differences from the 2023 original, the exploitation timeline, and the implications for organizations that continue to operate NetScaler as a strategic component of their remote access architecture.

What did the vulnerability actually expose?

CVE-2024-6235 was a memory disclosure vulnerability in how NetScaler ADC and Gateway appliances handled specific HTTP requests against the management and authentication interfaces. By sending a crafted request, an unauthenticated attacker could cause the appliance to return memory contents beyond the intended response, leaking sensitive runtime state. The leaked memory commonly contained session tokens for currently authenticated VPN and management users, partial credentials, and configuration secrets. The mechanism resembled the original Citrix Bleed in that it exploited a buffer handling flaw in HTTP response generation, but the specific code path was distinct and the patch from the 2023 incident did not protect against it. Affected versions included NetScaler ADC and Gateway 14.1 builds before 14.1-21.50, 13.1 builds before 13.1-55.34, and several FIPS and NDcPP branches. The fix involved corrected length handling in the response generation routine and additional validation of internal buffer boundaries.
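An inventory triage check built from the fixed builds named above, added here as an example rather than taken from the post or from Citrix; the inventory strings are constructed, the `MAJOR.MINOR-BUILD` form is an assumption about how an inventory system records firmware, and the FIPS and NDcPP branches are flagged for manual advisory lookup because the post gives no fixed build for them.

```python
"""Classify NetScaler ADC/Gateway firmware builds against the fixed builds
this post names (14.1-21.50 and 13.1-55.34). Added example: inventory
strings are constructed, and the 'MAJOR.MINOR-BUILD' form is an assumption."""
import re

# Fixed builds per the post: a build at or above these is not vulnerable.
FIXED_BUILDS = {"14.1": (21, 50), "13.1": (55, 34)}

# Branches the post names as affected without giving a fixed build.
ADVISORY_ONLY_MARKERS = ("FIPS", "NDCPP")

VERSION_RE = re.compile(r"(\d+\.\d+)-(\d+)\.(\d+)")

def parse_build(version):
    """Return (branch, build_major, build_minor), or None if unparseable."""
    m = VERSION_RE.search(version)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3))

def classify(version):
    """One of 'vulnerable', 'fixed', 'check-advisory', 'unknown'."""
    if any(marker in version.upper() for marker in ADVISORY_ONLY_MARKERS):
        return "check-advisory"  # affected branch, threshold not on the page
    parsed = parse_build(version)
    if parsed is None:
        return "unknown"
    branch, bmaj, bmin = parsed
    if branch not in FIXED_BUILDS:
        return "check-advisory"  # branch the post does not cover
    # Tuple comparison orders build numbers numerically, not lexically.
    return "fixed" if (bmaj, bmin) >= FIXED_BUILDS[branch] else "vulnerable"

def triage(inventory):
    """Map each appliance name to its classification."""
    return {name: classify(ver) for name, ver in inventory.items()}

# Constructed inventory: hostnames and builds are made up for illustration.
SAMPLE_INVENTORY = {
    "gw-dc1": "14.1-21.49",         # one build below the fix -> vulnerable
    "gw-dc2": "14.1-21.50",         # exactly the fixed build -> fixed
    "gw-branch": "13.1-55.34",
    "gw-old": "13.1-49.15",
    "gw-fips": "13.1-37.176 FIPS",  # constructed FIPS build string
    "gw-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```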

How did it differ from the original Citrix Bleed?

The differences mattered for both attackers and defenders. The original CVE-2023-4966 leaked memory regions that frequently contained AAA session tokens, allowing direct session hijacking. CVE-2024-6235 leaked different memory regions on average, with session tokens appearing less frequently but configuration credentials and partial private key material appearing more often. The exploitation primitive was slightly more complex, requiring multiple requests to assemble a usable payload, which initially gave defenders more time before mass exploitation kicked in. Cloud Software Group's response was also faster: patches were available at the time of disclosure rather than weeks later, and the advisory included more complete remediation guidance including explicit session termination steps. Mandatory firmware update enforcement features that had been added to NetScaler after the 2023 incident also accelerated patching among customers using the centralized management interface.

What was the exploitation pattern?

Exploitation followed disclosure within days but at lower intensity than the 2023 original. Multiple commercial threat intelligence firms reported scanning activity against NetScaler appliances within 48 hours of public disclosure, but confirmed exploitation in mass-scanning campaigns did not reach the same scale. Targeted exploitation by state-aligned groups was confirmed, including activity attributed to Iranian and Chinese threat actors against specific government and defense industrial base targets. Ransomware groups including a faction of the LockBit reformation incorporated the CVE into their initial access toolchains by August 2024, contributing to a baseline of opportunistic exploitation. CISA added the CVE to KEV within three weeks, and federal patching deadlines passed with relatively complete compliance for the federal civilian agencies, an improvement over the 2023 response. The total tracked incidents were in the low hundreds rather than the thousands seen with the original Citrix Bleed.

What did patching and recovery look like?

The patching response was faster but still incomplete. Public scan data three months after disclosure showed approximately 18% of internet-exposed NetScaler appliances still running vulnerable firmware, compared to roughly 35% at the equivalent point after the 2023 disclosure. The residual unpatched population included a significant share of NetScaler appliances at smaller organizations and managed service provider deployments where the maintenance authority was ambiguous. A specific risk emerged from organizations that patched but did not invalidate existing sessions: leaked session tokens from pre-patch exploitation remained usable until the natural session expiration, which on NetScaler defaults to multiple days. Several confirmed compromises in late 2024 traced to session tokens stolen before patches were applied but used after. The lesson is that patching closes the leak but does not invalidate the data already exfiltrated, and post-patch session termination is non-negotiable.
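The post-patch gap described above, worked through as an added example (not code from the post or from Citrix): given a session table, the patch time and the configured session lifetime, list the sessions whose tokens may have leaked before the patch and are still valid, and show how long they would stay usable if nobody terminated them. The session records, their field names and the 3-day lifetime are constructed for illustration, not NetScaler defaults.

```python
"""Find sessions that were live when the patch went in and have not yet
expired: their tokens may have been leaked pre-patch and stay usable until
natural expiry unless terminated. Added example; the session table, field
names and the 3-day lifetime are constructed, not NetScaler defaults."""
from datetime import datetime, timedelta

def sessions_at_risk(sessions, patched_at, now, lifetime):
    """Ids of sessions established before `patched_at`, still marked active,
    and not yet past `established + lifetime` at `now`."""
    at_risk = []
    for s in sessions:
        if not s["active"]:
            continue                      # already logged out or killed
        if s["established"] >= patched_at:
            continue                      # created after the leak was closed
        if s["established"] + lifetime <= now:
            continue                      # expired naturally since the patch
        at_risk.append(s["id"])
    return at_risk

def residual_exposure(sessions, patched_at, now, lifetime):
    """How long, from `now`, the last at-risk token would stay valid if
    nobody terminates it (zero when nothing is at risk)."""
    ids = set(sessions_at_risk(sessions, patched_at, now, lifetime))
    latest = max((s["established"] + lifetime for s in sessions if s["id"] in ids),
                 default=now)
    return max(latest - now, timedelta(0))

# Constructed data: patch applied 10 Jul 12:00, review run the next morning.
PATCHED_AT = datetime(2024, 7, 10, 12, 0)
NOW = datetime(2024, 7, 11, 9, 0)
LIFETIME = timedelta(days=3)
SAMPLE_SESSIONS = [
    {"id": "s1", "established": datetime(2024, 7, 9, 8, 0), "active": True},    # at risk
    {"id": "s2", "established": datetime(2024, 7, 6, 10, 0), "active": True},   # expired
    {"id": "s3", "established": datetime(2024, 7, 10, 15, 0), "active": True},  # post-patch
    {"id": "s4", "established": datetime(2024, 7, 10, 11, 59), "active": True}, # at risk
    {"id": "s5", "established": datetime(2024, 7, 9, 20, 0), "active": False},  # killed
]

if __name__ == "__main__":
    print("terminate:", sessions_at_risk(SAMPLE_SESSIONS, PATCHED_AT, NOW, LIFETIME))
    print("exposure if ignored:", residual_exposure(SAMPLE_SESSIONS, PATCHED_AT, NOW, LIFETIME))
```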

What implications follow for NetScaler operators?

The implications are mostly operational rather than strategic. NetScaler remains a meaningful component of many enterprise remote access architectures, and replacing it is a multi-year project. The realistic posture is to operate NetScaler with heightened scrutiny: aggressive patching cadence, network-level restrictions on the management interfaces, complete session invalidation after any security advisory, and active monitoring for anomalous authentication patterns. The 2023 and 2024 CVEs together exposed thousands of session tokens in the wild, and several incidents in 2025 traced back to credentials harvested in those earlier disclosures. Organizations should also reconsider whether NetScaler is the right authentication boundary at all: zero-trust architectures that authenticate per-request reduce the value of a leaked session token because the token alone is not sufficient for sustained access. The decision is not urgent for most teams, but it is worth including in roadmaps for the next infrastructure refresh cycle.

How Safeguard Helps

Safeguard's approach to information disclosure CVEs like Citrix Bleed 2 starts with appliance inventory accuracy. Our network integration captures NetScaler ADC and Gateway firmware versions, build numbers, and configuration metadata across distributed deployments. Griffin AI correlates appliance inventory with internet exposure, authentication configuration, and observed scanning activity, prioritizing the specific appliances that match active exploitation patterns. Policy gates evaluate edge appliance configurations against best-practice baselines including session lifetime, management interface exposure, and certificate-based authentication. Our threat intelligence feed surfaces emerging NetScaler advisories and their exploitation signals within hours, with explicit guidance on post-patch session invalidation. TPRM scoring includes appliance vendor patching responsiveness on critical CVEs as a leading indicator of overall posture, supporting decisions about long-term reliance on incumbent vendors.
