CitrixBleed 2 Vulnerability PoC Published – Experts Warn of Mass Exploitation Risk

A newly published proof-of-concept (PoC) for the critical CitrixBleed 2 vulnerability (CVE-2025-5777) has sent shockwaves through the cybersecurity community, with experts warning of imminent mass exploitation risks for organizations using Citrix NetScaler ADC and Gateway devices.

The Vulnerability: CitrixBleed 2 (CVE-2025-5777)

Dubbed “CitrixBleed 2” for its eerie resemblance to the notorious CitrixBleed flaw of 2023, CVE-2025-5777 is an out-of-bounds memory read vulnerability.

It allows unauthenticated attackers to extract sensitive information—including authentication tokens—directly from the memory of affected appliances.

If exploited, attackers can bypass multi-factor authentication (MFA), hijack user sessions, and gain unauthorized access to critical systems.

The flaw specifically impacts Citrix NetScaler ADC and Gateway devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. The vulnerability is rated with a CVSS score of 9.3, underscoring its criticality.

PoC Released

Security researchers, after initially withholding technical details, have ...