A critical vulnerability in Citrix's network management devices has been actively exploited for more than a month, despite the vendor's advisories stating otherwise.
The vulnerability, tracked as CVE-2025-5777, is similar to a previous flaw known as CitrixBleed, which led to the compromise of 20,000 Citrix devices two years ago.
Citrix disclosed the newer vulnerability and released a patch on June 17, stating that it was 'currently unaware of any evidence of exploitation'. Researchers, however, found evidence of active exploitation since at least June 23.
Security firms have criticized Citrix for withholding indicators that could help customers determine whether their networks are under attack, stating that merely patching vulnerable devices is not enough and that customers should look for signs of compromise.