Researchers have developed proof-of-concept exploits for the critical Citrix NetScaler vulnerability, CVE-2025-5777, highlighting its potential for stealing user session tokens. Although currently not confirmed to be actively exploited, evidence suggests there have been attempts, prompting urgent patching. #CitrixBleed2 #CVE-2025-5777
Keypoints
- The CVE-2025-5777 vulnerability affects Citrix NetScaler ADC and Gateway devices, enabling memory leaks through malformed login requests.
- The flaw is similar to the previous CitrixBleed (CVE-2023-4966) bug, which was exploited in high-profile attacks.
- Exploitation involves sending specific malformed POST requests that leak memory content, including user session tokens.
- Although Citrix claims the vulnerability is not actively exploited, multiple reports indicate ongoing attack attempts and memory dumping activity.
- Citrix has issued patches for this flaw, and organizations are advised to apply updates and review active sessions for suspicious activity.