
NetScaler ADC and Gateway / Cisco ISE exploited zero-day flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 42
1 unique source, 1 article

Summary


CVE-2025-5777 and CVE-2025-20337 were exploited as zero-days against NetScaler ADC and Gateway and Cisco ISE, exposing vulnerable systems to compromise before disclosure and before fixes were broadly available. The activity mattered because attackers used the flaws to deploy custom malware and gain high-privilege access on vulnerable systems. The NetScaler flaw, known as Citrix Bleed 2, was an out-of-bounds memory read issue, while the Cisco ISE bug enabled pre-auth abuse of vulnerable endpoints.

Related Happenings

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
First: 25.03.2026 17:52 Last: 25.03.2026 17:52 Sources 1

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

Interlock Cisco Secure Firewall Management Center zero-day exploitation wave

Exploitation Wave
First: 18.03.2026 18:53 Last: 18.03.2026 18:53 Sources 1

About this happening: A **zero-day exploitation wave** tied to **Interlock** has been hitting **Cisco Secure Firewall Management Center (FMC)**, putting **enterprise firewalls** at risk before patching...

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Cisco ISE and ISE-PIC XML parsing arbitrary file read security flaw (CVE-2026-20029)

Vulnerability
First: 08.01.2026 11:13 Last: 08.01.2026 11:13 Sources 1

About this happening: Cisco has patched **CVE-2026-20029** in **ISE** and **ISE-PIC**, closing an **XML parsing** flaw that could let an attacker with **valid administrative credentials** read **arbitr...

Cisco ISE and Citrix NetScaler ADC zero-day malware delivery campaign

Campaign
First: 12.11.2025 16:00 Last: 12.11.2025 16:00 Sources 1

About this happening: A **zero-day exploitation campaign** against **Cisco ISE** and **Citrix NetScaler ADC** is delivering **custom malware** into enterprise identity and network access control infras...

Timeline

  1. 12.11.2025 16:00 2 articles · 6mo ago

    Amazon reports zero-day exploitation of Citrix and Cisco flaws

    Initial Disclosure

    Amazon said an advanced threat actor used CVE-2025-5777 in NetScaler ADC and Gateway and CVE-2025-20337 in Cisco Identity Services Engine (ISE) as zero-days to deploy custom malware. Amazon Threat Intelligence also shared with Cisco an anomalous payload that targeted a previously undocumented ISE endpoint using vulnerable deserialization logic.

  2. 28.07.2025 03:00 1 article · 10mo ago

    Bobby Gould publishes CVE-2025-20337 exploit details

    Technical Analysis Update

    Researcher Bobby Gould published technical details for CVE-2025-20337 in Cisco Identity Services Engine (ISE), including an exploit chain for the vulnerability.

  3. 17.07.2025 03:00 1 article · 10mo ago

    Cisco warns on CVE-2025-20337 in Cisco ISE

    Initial Disclosure

    Cisco warned that CVE-2025-20337 in Cisco Identity Services Engine (ISE) could let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices.
