Citrix has disclosed a critical-severity bug in Citrix NetScaler ADC and Gateway instances, urging users to patch up as soon as possible.
The vulnerability, dubbed 'CitrixBleed 2' by independent researchers, is actively being exploited by hackers to gain access to targeted environments.
The bug is described as an insufficient input validation vulnerability tracked as CVE-2025-5777, affecting versions 14.1 before 47.46 and 13.1 before 59.19.
Citrix has provided a fix for the vulnerability and advised users to apply it promptly to mitigate risks. The flaw is similar to a previously exploited Citrix vulnerability known as 'CitrixBleed' from late 2023.