PT-2025-25651 · Citrix · Citrix Netscaler Adc +1

Jdoe +1 · Published 2025-06-17 · Updated 2026-01-22 · CVE-2025-5777

CVSS v2.0: 10.0 · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler ADC and NetScaler Gateway 14.1 before 14.1-43.56 and 13.1 before 13.1-58.32. The 13.1-FIPS, 13.1-NDcPP and 12.1-FIPS branches have their own fixed builds in the Citrix advisory, and the end-of-life 12.1 and 13.0 branches are affected with no fix available.
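A version check against the fixed builds above, as an added example that is not code from this page or from Citrix. It parses the banner printed by the NetScaler CLI command show ns version, assumed here to look like "NetScaler NS14.1: Build 43.50.nc, Date: ...", and compares build numbers within a branch. Only the two fixed builds named on this page are hard-coded; branches with no fixed build on the page (end-of-life 12.1 and 13.0) are treated as vulnerable, and FIPS/NDcPP builds, which report under NS13.1 with a 37.x build number (12.1-FIPS under NS12.1 with 55.x), are flagged for a manual check against their own fixed build instead of being compared with the general-branch threshold. The inventory at the bottom is constructed.

```python
import re
from typing import Dict, Tuple

# Fixed builds named on this page; earlier builds in the same branch are vulnerable.
FIXED_BUILDS = {
    "14.1": (43, 56),   # 14.1-43.56
    "13.1": (58, 32),   # 13.1-58.32
}

# (branch, build) pairs used by FIPS / NDcPP images.  They have separate fixed builds in the
# Citrix advisory, so comparing them with the general-branch threshold would give a wrong answer.
FIPS_SERIES = {("13.1", 37), ("12.1", 55)}

# Assumed 'show ns version' banner format, e.g. "NetScaler NS14.1: Build 43.50.nc, Date: ..."
_VERSION_RE = re.compile(r"NS(?P<branch>\d+\.\d+):\s*Build\s*(?P<build>\d+)\.(?P<sub>\d+)")


def parse_version(banner: str) -> Tuple[str, int, int]:
    """Return (branch, build, sub-build) from a version banner, e.g. ("14.1", 43, 50)."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised NetScaler version banner: {banner!r}")
    return m.group("branch"), int(m.group("build")), int(m.group("sub"))


def classify(banner: str) -> str:
    """Return 'fixed', 'vulnerable' or 'fips-check' for one appliance banner."""
    branch, build, sub = parse_version(banner)
    if (branch, build) in FIPS_SERIES:
        return "fips-check"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # No fixed build on this page for the branch (e.g. end-of-life 12.1 / 13.0).
        return "vulnerable"
    # Tuple comparison orders (build, sub-build) numerically, not as strings.
    return "fixed" if (build, sub) >= fixed else "vulnerable"


def report(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each appliance name to its classification."""
    return {name: classify(banner) for name, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, not real appliances.
    inventory = {
        "gw-dc1": "NetScaler NS14.1: Build 43.50.nc, Date: May 26 2025",
        "gw-dc2": "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025",
        "gw-lab": "NetScaler NS13.0: Build 92.21.nc",
        "gw-gov": "NetScaler NS13.1: Build 37.207.nc",
    }
    for name, verdict in report(inventory).items():
        print(f"{name}: {verdict}")
```

Because the verdict is per branch, a 13.1 appliance on a build numbered above 14.1's threshold is still compared only with 13.1-58.32; the two branches are not comparable with each other.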
Description: This is a critical vulnerability (CVE-2025-5777), also known as CitrixBleed 2 after the 2023 CitrixBleed bug (CVE-2023-4966) it resembles, that leaks memory from Citrix NetScaler ADC and NetScaler Gateway appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. The root cause is insufficient input validation: when a POST request to the authentication endpoint carries the login parameter with no value at all, the appliance builds its response from a field it never populated and returns uninitialized memory to the client. An unauthenticated attacker can repeat the request and harvest whatever that memory happens to hold, including session tokens of other users, which can then be replayed to hijack those sessions and gain unauthorized access. Exploitation in the wild has been observed against systems worldwide, and some reports place the first attacks before public disclosure; multiple public exploits and detection signatures are available. Reports cite over 11.5 million attack attempts and over 120,000 exposed systems. CISA added the CVE to its Known Exploited Vulnerabilities catalog with a one-day remediation deadline for federal agencies. Several organizations, including the Pennsylvania Attorney General's office, have been impacted by attacks exploiting this flaw.
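The request shape described above, a POST whose login parameter is present but carries no value, is something a defender can look for in captured or proxied traffic. The following is an added example, not code from this page and not Citrix's or any vendor's signature. It parses raw HTTP requests and flags that shape. It assumes the endpoint publicly reported for the trigger, /p/u/doAuthentication.do, which this page does not name, and it splits the form body by hand because urllib.parse.parse_qs folds a bare login token and an empty login= into the same key with an empty value; only the bare form, with no "=" at all, is the missing-value case the page describes. The sample requests are constructed, and Content-Length is not enforced, so the parser is for offline inspection rather than a full HTTP implementation.

```python
from typing import List, Tuple
from urllib.parse import parse_qs

# Endpoint publicly reported as the trigger (assumption: this page does not name it).
AUTH_ENDPOINT = "/p/u/doAuthentication.do"


def bare_keys(body: str) -> List[str]:
    """Return form-body parameters that have no '=' at all (e.g. 'login'), which is a
    different thing from an empty value ('login=').  Split by hand: parse_qs cannot
    distinguish the two."""
    return [pair for pair in body.split("&") if pair and "=" not in pair]


def stdlib_conflates_bare_key(body: str = "login") -> bool:
    """True if parse_qs returns the same result for 'login' and 'login=' (it does)."""
    return parse_qs(body, keep_blank_values=True) == parse_qs(body + "=", keep_blank_values=True)


def parse_request(raw: bytes) -> Tuple[str, str, str]:
    """Return (method, path without query string, body) from a raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    method, target, _version = request_line.split(" ", 2)
    return method, target.split("?", 1)[0], body.decode("latin-1")


def is_citrixbleed2_probe(raw: bytes) -> bool:
    """Flag a POST to the auth endpoint whose body carries 'login' with no '=' at all."""
    method, path, body = parse_request(raw)
    return method == "POST" and path == AUTH_ENDPOINT and "login" in bare_keys(body)


def scan(requests: List[bytes]) -> List[int]:
    """Indices of the requests that match the probe shape."""
    return [i for i, raw in enumerate(requests) if is_citrixbleed2_probe(raw)]


# Constructed sample traffic, not real captures.
SAMPLES = [
    # Missing value: 'login' with no '=' at all.  This is the shape the page describes.
    b"POST /p/u/doAuthentication.do HTTP/1.1\r\nHost: vpn.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 5\r\n\r\nlogin",
    # Ordinary login attempt: well-formed key=value pairs.
    b"POST /p/u/doAuthentication.do HTTP/1.1\r\nHost: vpn.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nlogin=jdoe&passwd=hunter2",
    # Empty value: 'login=' is present and well-formed, not the missing-value case.
    b"POST /p/u/doAuthentication.do HTTP/1.1\r\nHost: vpn.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nlogin=&passwd=",
    # Unrelated request to the portal.
    b"GET /vpn/index.html HTTP/1.1\r\nHost: vpn.example\r\n\r\n",
]

if __name__ == "__main__":
    for i in scan(SAMPLES):
        print(f"sample {i}: matches CitrixBleed 2 probe shape")
```

The distinction the page turns on, a parameter name with no "=" versus a parameter with an empty value, is exactly the one most query-string libraries erase, so any signature written on top of a parsed parameter map rather than the raw body will miss the probe.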
Recommendations: Upgrade NetScaler ADC and NetScaler Gateway to 14.1-43.56 or later, or 13.1-58.32 or later (FIPS/NDcPP and 12.1-FIPS deployments to the fixed builds Citrix lists for those branches; 12.1 and 13.0 are end of life and should be migrated to a supported branch). Patching does not invalidate tokens that were already leaked, so once every appliance in the HA pair or cluster has been upgraded, terminate all active ICA and PCoIP sessions from the NetScaler CLI (kill icaconnection -all and kill pcoipConnection -all) so that any captured session token becomes useless. Then rotate credentials the appliance holds or relays, such as LDAP bind and SSO credentials, as a precaution, and review authentication logs for sessions established from unexpected source addresses while the appliance was unpatched.

Exploit · Fix · DoS · RCE

Weakness Enumeration: Use of Uninitialized Resource (CWE-908) · Out-of-bounds Read (CWE-125)

Related Identifiers: BDU:2025-07142 · CVE-2025-5777

Affected Products: Citrix NetScaler ADC · Citrix NetScaler Gateway