CVE-2025-5777

Name of the Vulnerable Software and Affected Versions Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-43.56 and prior to 13.1-58.32

Description Citrix NetScaler ADC and Gateway are affected by an out-of-bounds read vulnerability due to insufficient input validation when handling login parameters. This allows unauthenticated remote attackers to read sensitive memory content, potentially including session tokens, and bypass multi-factor authentication. Active exploitation of this issue, dubbed “CitrixBleed 2” (CVE-2025-5777), has been observed, with exploitation occurring before public proof-of-concept exploits were released. The vulnerability is triggered by sending specially crafted POST requests to the

/p/u/doAuthentication.do

endpoint without a value assigned to the

login

parameter. Multiple threat actors are actively exploiting this vulnerability, and over 1,200 systems remain unpatched. The Pennsylvania Attorney General’s office was impacted by a cyberattack potentially exploiting this flaw.

Recommendations Apply the latest security updates for Citrix NetScaler ADC and NetScaler Gateway. Specifically, upgrade to version 14.1-43.56 or later, or version 13.1-58.32 or later. Terminate all ICA and PCoIP sessions after patching to prevent hijacked sessions from persisting.