Keypoints
- The vulnerability CVE-2025-5777 affects Citrix NetScaler devices running certain versions prior to updates released on June 17.
- CISA has added this flaw to its Known Exploited Vulnerabilities catalog, requiring urgent mitigation by federal agencies.
- Security researchers warn that the flaw is similar to the highly exploited CitrixBleed (CVE-2023-4966) vulnerability.
- Active exploitation of CitrixBleed 2 has been confirmed, with multiple exploits published in the wild.
- Mitigation includes updating firmware, disconnecting compromised sessions, and restricting external access until patches are applied.