The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Citrix NetScaler ADC and Gateway flaw, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities catalog.
The vulnerability, dubbed 'CitrixBleed 2', has a CVSS v4.0 base score of 9.3 and allows attackers to steal session cookies, similar to a past critical exploit.
The flaw affects NetScaler ADC and Gateway releases earlier than the specific fixed versions and exposes memory, potentially including sensitive information.
Citrix recommends updating to mitigate the risk, as attacks exploiting CVE-2025-5777 have been observed since mid-June. Federal agencies are required to address the vulnerability by July 11, 2025.