The US Cybersecurity and Infrastructure Security Agency confirmed that CVE-2025-5777, known as CitrixBleed 2, is currently being exploited to hijack user sessions.
The critical security flaw allows attackers to read sensitive information from NetScaler devices without authentication, posing significant risks.
Citrix issued a fix for the vulnerability on June 17, but researchers have discovered working exploits that bypass multi-factor authentication and access critical systems.
Security researchers have observed a rise in vulnerability scanner traffic and threat actors targeting vulnerable systems, highlighting the ease of exploitation and potential consequences of the flaw.