PT-2025-25651 · Citrix · Citrix NetScaler ADC, Citrix NetScaler Gateway

Jdoe

Published 2025-06-17 · Updated 2025-12-05 · CVE-2025-5777

CVSS v2.0: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler ADC and NetScaler Gateway 14.1 before 14.1-43.56, and 13.1 before 13.1-58.32. FIPS and NDcPP builds have their own fixed build numbers, and the end-of-life 12.1 and 13.0 branches receive no fix; consult the vendor advisory for those.
Description: Citrix NetScaler ADC and NetScaler Gateway contain an out-of-bounds read (CWE-125) caused by insufficient input validation, reachable when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server. A POST to the /p/u/doAuthentication.do login endpoint whose form body names the login field without a value (the bare token "login", with no "=") makes the authentication handler format an uninitialized stack buffer into the response, so each request returns a small chunk of process memory (public analyses report about 127 bytes). Repeating the request lets an unauthenticated attacker harvest session tokens and other secrets, hijack authenticated sessions and bypass MFA. The flaw, dubbed CitrixBleed 2 by analogy with the 2023 CitrixBleed memory leak, was exploited before public disclosure; multiple reports describe widespread scanning and in-the-wild attacks across sectors, with public trackers citing over 11.5 million attack attempts and more than 3,300 unpatched appliances at the time of the last update.
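The request shape described above, as an added example that is not Citrix code or a public exploit: it classifies a raw HTTP request as matching the malformed POST associated with CVE-2025-5777 (a POST to /p/u/doAuthentication.do whose form body names the login field with no "="). It is meant for WAF or proxy captures, or a packet capture, where request bodies are available; NetScaler's own ns.log does not record bodies. All sample requests in the block are constructed for illustration.

```python
"""
Request-shape check for the CitrixBleed 2 trigger.

Added example, not Citrix code: flags a POST to /p/u/doAuthentication.do
whose form body carries a 'login' field with no '=' (and so no value).
The sample requests below are constructed, not captured traffic.
"""
from typing import List, Optional, Tuple

TARGET_PATH = "/p/u/doAuthentication.do"


def parse_request(raw: bytes) -> Optional[Tuple[str, str, bytes]]:
    """Split a raw HTTP/1.x request into (method, path, body); None if malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return None
    method, target, _version = parts
    return method, target.split("?", 1)[0], body


def malformed_login_fields(body: bytes) -> List[str]:
    """Return the body fields that name 'login' but carry no '=' separator.

    urllib.parse.parse_qsl(keep_blank_values=True) would report a bare
    'login' token as login='' (indistinguishable from 'login='), so the
    check works on the raw '&'-separated tokens instead.
    """
    hits = []
    for field in body.split(b"&"):
        if field and b"=" not in field and field.strip().lower() == b"login":
            hits.append(field.decode("latin-1"))
    return hits


def is_citrixbleed2_shape(raw: bytes) -> bool:
    """True for a POST to the doAuthentication.do endpoint with a valueless 'login'."""
    parsed = parse_request(raw)
    if parsed is None:
        return False
    method, path, body = parsed
    return method == "POST" and path == TARGET_PATH and bool(malformed_login_fields(body))


def triage(captures: List[bytes]) -> List[int]:
    """Indices of the captured requests that match the trigger shape."""
    return [i for i, raw in enumerate(captures) if is_citrixbleed2_shape(raw)]


# Constructed samples, not captured traffic.
BENIGN_LOGIN = (
    b"POST /p/u/doAuthentication.do HTTP/1.1\r\n"
    b"Host: gateway.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 25\r\n\r\n"
    b"login=alice&passwd=s3cret"
)
SUSPECT_LOGIN = (
    b"POST /p/u/doAuthentication.do HTTP/1.1\r\n"
    b"Host: gateway.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 5\r\n\r\n"
    b"login"
)
OTHER_PATH = (
    b"POST /vpn/index.html HTTP/1.1\r\n"
    b"Host: gateway.example.test\r\n"
    b"Content-Length: 5\r\n\r\n"
    b"login"
)

if __name__ == "__main__":
    for idx in triage([BENIGN_LOGIN, SUSPECT_LOGIN, OTHER_PATH]):
        print("trigger shape at capture index", idx)
```

A hit on its own is only the request side of the attack; correlate it with sessions from the same source address that later reuse a token issued to a different client, which is the session-hijack the leaked memory enables.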
Recommendations: Apply the security updates released by Citrix: upgrade to 14.1-43.56 or later, or 13.1-58.32 or later (FIPS/NDcPP builds have their own fixed builds, and 12.1 and 13.0 are end-of-life and must be migrated; see the vendor advisory). Patching does not invalidate tokens that were already leaked, so after every node in an HA pair or cluster has been upgraded, terminate existing sessions; Citrix's guidance is to run "kill icaconnection -all" and "kill pcoipConnection -all" from the NetScaler CLI. Then review authentication logs for sessions reused from unexpected source addresses, which is the sign of a hijacked session.
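One way to triage an appliance inventory against the fix levels above, as an added example that is not Citrix tooling: it parses the version string a NetScaler prints for "show ns version" (e.g. "NetScaler NS14.1: Build 43.50.nc") or the compact "14.1-43.50" form used in advisories, and compares the build against the fixed builds stated on this page. Branches the page gives no fix for (12.1, 13.0, FIPS/NDcPP builds) are routed to the vendor advisory rather than scored; the assumption that 13.1 FIPS/NDcPP builds are the 13.1-37.x build series is mine, and the inventory at the bottom is constructed.

```python
"""
Fix-level check for the builds named in the Recommendations.

Added example, not Citrix tooling. Compares parsed NetScaler version
strings against the fixed builds stated on this page.
"""
import re
from typing import Dict, Optional, Tuple

# Fixed builds from the Recommendations: branch -> (build, sub-build).
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "14.1": (43, 56),
    "13.1": (58, 32),
}

# Build series on a listed branch that follow a separate fix schedule
# (assumption: 13.1-FIPS and 13.1-NDcPP builds are numbered 13.1-37.x).
SEPARATE_SCHEDULE = {("13.1", 37)}

ADVISORY = "not covered by this check: consult vendor advisory"

# Matches 'NS14.1: Build 43.50.nc' (CLI banner) and '14.1-43.50' (advisory form).
_VERSION_RE = re.compile(
    r"(?:NS)?(?P<branch>\d+\.\d+)(?::\s*Build\s+|-)(?P<build>\d+)\.(?P<sub>\d+)"
)


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (branch, build, sub-build) from a version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return m.group("branch"), int(m.group("build")), int(m.group("sub"))


def assess(text: str) -> str:
    """Classify a version string as 'fixed', 'vulnerable', ADVISORY or 'unparseable'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    branch, build, sub = parsed
    if (branch, build) in SEPARATE_SCHEDULE or branch not in FIXED_BUILDS:
        return ADVISORY
    return "fixed" if (build, sub) >= FIXED_BUILDS[branch] else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each appliance name to its verdict; unparseable input is reported, never assumed safe."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory of appliance -> 'show ns version' output (dates are made up).
    INVENTORY = {
        "gw-dc1": "NetScaler NS14.1: Build 43.50.nc, Date: May 1 2025",
        "gw-dc2": "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025",
        "gw-lab": "NetScaler NS13.1: Build 57.26.nc, Date: Apr 1 2025",
        "gw-old": "NetScaler NS13.0: Build 92.21.nc, Date: Jan 1 2025",
    }
    for host, verdict in triage(INVENTORY).items():
        print(f"{host}: {verdict}")
```

A "fixed" verdict only says the build is at or past the patch level; the session-termination step in the Recommendations still has to be carried out on every node, since tokens leaked before the upgrade remain valid until killed.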

Tags: Exploit · Fix · RCE · DoS

Weakness Enumeration

Out-of-bounds Read (CWE-125)
Use of Uninitialized Resource (CWE-908)

Related Identifiers

BDU:2025-07142
CVE-2025-5777

Affected Products

Citrix NetScaler ADC
Citrix NetScaler Gateway