Bleeping Computer reports:
A critical NetScaler ADC and Gateway vulnerability dubbed “Citrix Bleed 2” (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices.
Citrix Bleed 2, named by cybersecurity researcher Kevin Beaumont due to its similarity to the original Citrix Bleed (CVE-2023-4966), is an out-of-bounds memory read vulnerability that allows unauthenticated attackers to access portions of memory that should typically be inaccessible.
This could allow attackers to steal session tokens, credentials, and other sensitive data from public-facing gateways and virtual servers, enabling them to hijack user sessions and bypass multi-factor authentication (MFA).
Citrix’s advisor also confirms this risk, warning users to end all ICA and PCoIP sessions after installing security updates to block access to any hijacked sessions.
Read more at Bleeping Computer.
