CitrixBleed 2 exploits are now in the wild, so patch now

• CitrixBleed 2 was discovered in late June 2025
• The majority of instances have not yet been patched
• Security researchers are warning the bug is likely being exploited already

CitrixBleed 2, a vulnerability in Citrix NetScaler ADC and NetScaler Gateway, is now being actively exploited in the wild, multiple researchers have warned.

Security researchers recently found a critical-severity vulnerability in these instances which could allow threat actors to hijack user sessions and gain access to targeted environments.

The flaw, described as an insufficient input validation vulnerability that leads to memory overread, is tracked as CVE-2025-5777, and affects device versions 14.1 and before 47.46, and from 13.1 and before 59.19. Given its similarity to a previous Citrix vulnerability called CitrixBleed, security researchers dubbed it CitrixBleed 2.