Citrix Bleed 2 under active attack, reports suggest

A freshly-discovered vulnerability in the perennially under-fire Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances, that has been compared to 2023’s Citrix Bleed flaw in its severity, now appears to be coming under attack by undisclosed threat actors, security analysts say.

Assigned a critical CVSS score of 9.3, CVE-2025-5777 is, technically speaking, an out-of-bounds read flaw arising from insufficient input validation. Dubbed Citrix Bleed 2 by independent researcher Kevin Beaumont, CVE-2025-5777 is reportedly similar to Citrix Bleed, CVE-2023-4966, in that its ultimate effect is to allow an attacker to hijack authenticated sessions and bypass multifactor authentication (MFA) by stealing valid session tokens from the NetScaler device’s memory.

The original Citrix Bleed vulnerability proved a highly effective tool for cyber criminals and was exploited by some of the most prominent ransomware gangs at the time – including LockBit – so the message to security leaders and defenders upon the discovery of this latest flaw is to waste no time and patch immediately.

However, this guidance may already come too late for some organisations, for according to intelligence shared by the ReliaQuest threat research team, threat actors are already starting to pile on.

“While no public reporting of exploitation for this vulnerability has emerged, ReliaQuest has observed indications of exploitation to gain initial access,” the ReliaQuest team said. “ReliaQuest assesses with medium confidence that attackers are actively exploiting this vulnerability to gain initial access to targeted environments.

“Citrix recommends patching affected systems to the latest versions and terminating active sessions to mitigate session hijacking and further risks of exploitation.”

Most notably, said ReliaQuest, its analysts have gathered evidence of multiple hijacked Citrix web sessions from NetScaler devices in which authentication appears to have been granted without user knowledge – a very clear indication that possible MFA bypass has occurred.

It has also seen evidence of sessions reuse spanning multiple IPs, including combinations of expected and suspicious IPs; Lightweight Directory Access Protocol (LDAP) queries associated with potential recon of Active Directory setups; and multiple instances in which the ‘ADExplorer64.exe’ tool has been seen in user environments both querying domain-level groups and permissions and connecting to multiple domain controllers.

Finally, the ReliaQuest team said, they are also observing a noteworthy number of Citrix sessions coming from datacentre-hosting IP addresses, suggesting the possible use of consumer VPN services.

All of these points – alone or in combination – could indicate that a threat actor is enumerating a potential victim environment, and defenders should be on the lookout for them.

NetScaler ADC and Gateway users should be sure to update to the latest versions per Citrix’s advisory, and having done so it is also highly recommended they run a series of commands to terminate active ICA and PCoIP sessions.

Writing on LinkedIn, Charles Carmakal, chief technology officer at Google Cloud’s Mandiant said this latter point was particularly important for defenders to bear in mind.

He recalled how at the height of the first Citrix Bleed incident, many victims found that despite patching, session secrets had already been stolen and so the attackers were able to retain access despite the appliances being, to all intents and purposes, fixed. This led to a greater number of compromises than might otherwise have occurred.