CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands


Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of users still haven't patched.

CVE-2025-5777 is a 9.3 CVSS-rated security flaw that allows remote, unauthenticated attackers to read sensitive info — such as session tokens — in memory from NetScaler devices configured as a gateway (such as a VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Miscreants can abuse this vuln to bypass multi-factor authentication (MFA), hijack user sessions, and access critical systems.

The vendor disclosed and issued a patch for CVE-2025-5777 last month, but despite multiple reports indicating in-the-wild exploitation, plus proof-of-concept (POC) exploits, Citrix still hasn't responded to The Register's inquiries about the bug and the scope of the attacks.

It all sounds very similar to an earlier flaw, dubbed CitrixBleed, which also allowed ...


Copyright of this story solely belongs to theregister.co.uk.