Threat Spotlight: CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds - ReliaQuest

Citrix has issued urgent guidance addressing CVE-2025-5777—a critical vulnerability in NetScaler ADC and Gateway devices that enables attackers to bypass multifactor authentication and hijack active sessions. Although public proof of exploitation is not yet available, ReliaQuest reports credible indicators of active exploitation, including session reuse and domain reconnaissance. Dubbed “Citrix Bleed 2” due to its similarity to the devastating 2023 flaw, this new vulnerability exposes authentication tokens via out-of-bounds memory reads, allowing persistent unauthorized access. Citrix urges immediate patching and active session termination, especially as older versions (12.1 and 13.0) have reached end-of-life.