- CitrixBleed 2 was discovered in mid-June 2025
- Reports of exploitation in the wild quickly followed
- CISA now urges FCEB agencies to patch immediately
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added CitrixBleed 2 to its Known Exploited Vulnerabilities (KEV) catalog, alerting Federal Civilian Executive Branch (FCEB) agencies, as well as other organizations, that the flaw is being actively exploited in the wild.
On July 10, CISA added CVE-2025-5777 to the catalog, an insufficient input validation vulnerability (CVSS 9.3/10) that leads to a memory over-read. It affects Citrix NetScaler ADC and NetScaler Gateway devices, versions 14.1 before 14.1-47.46 and 13.1 before 13.1-59.19.
It can be abused on vulnerable NetScaler ADC and NetScaler Gateway devices to extract sensitive memory contents, including session tokens, credentials and potentially other user data, without authentication. Given its similarity to an earlier Citrix vulnerability dubbed CitrixBleed, security researchers named it CitrixBleed 2.
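The affected-version ranges above are easy to misread when checking an inventory by hand, because NetScaler builds are compared as four numeric fields (major.minor-build.subbuild), not as plain strings. The following script, an added example that is not part of the original article or any Citrix or CISA tooling, classifies version strings against the two fixed builds the article names (14.1-47.46 and 13.1-59.19). The hostnames and builds in the sample inventory are constructed, and the second accepted string shape is an assumption modelled on the "NetScaler NS14.1: Build 47.46.nc" line that `show ns version` prints; branches the article does not mention are reported as unknown rather than assumed safe.

```python
import re
from typing import List, Optional, Tuple

# Fixed builds named in the article for CVE-2025-5777 (CitrixBleed 2):
# NetScaler ADC / Gateway 14.1 before 14.1-47.46 and 13.1 before 13.1-59.19.
# Branches not listed here are reported as "unknown branch", never as safe.
FIXED_BUILDS = {
    (14, 1): (14, 1, 47, 46),
    (13, 1): (13, 1, 59, 19),
}

# Two string shapes are accepted. The second is an assumption modelled on the
# "NetScaler NS14.1: Build 47.46.nc, Date: ..." line from `show ns version`.
_DASH_RE = re.compile(r"(\d+)\.(\d+)-(\d+)\.(\d+)")
_BUILD_RE = re.compile(r"NS(\d+)\.(\d+).*?Build\s+(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return (major, minor, build, subbuild) as ints, or None if unrecognised."""
    for rx in (_DASH_RE, _BUILD_RE):
        m = rx.search(text)
        if m:
            return tuple(int(g) for g in m.groups())
    return None


def assess(text: str) -> str:
    """Classify one NetScaler version string against the fixed builds.

    Comparison is field-by-field on the int tuple, so 14.1-47.9 sorts below
    14.1-47.46 as intended (a plain string compare would get this wrong).
    """
    v = parse_version(text)
    if v is None:
        return "unparseable"
    fixed = FIXED_BUILDS.get(v[:2])
    if fixed is None:
        return "unknown branch"
    return "vulnerable" if v < fixed else "patched"


# Constructed inventory for the demo; hostnames and builds are made up.
SAMPLE_INVENTORY = [
    ("gw-1.example.internal", "14.1-47.46"),
    ("gw-2.example.internal", "NetScaler NS14.1: Build 43.56.nc, Date: Jan 1 2025"),
    ("gw-3.example.internal", "13.1-59.19"),
    ("gw-4.example.internal", "13.1-58.32"),
    ("gw-5.example.internal", "13.0-92.21"),
]


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hosts whose build is below the fixed build for their branch."""
    return [host for host, ver in inventory if assess(ver) == "vulnerable"]


if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:24} {assess(ver)}")
    print("needs patch:", triage(SAMPLE_INVENTORY))
```

Anything reported as "unknown branch" or "unparseable" should be checked against the vendor advisory by hand rather than dropped from the patch list; the script only knows the two branches the article lists.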
“Significant risk”
The flaw was first disclosed in mid-June 2025, and by early July there were already reports of exploitation in the wild.
Citrix released a patch, but apparently most instances have not yet been patched, presenting a unique opportunity for cybercriminals.
Multiple security researchers, including ReliaQuest, watchTowr and Horizon3.ai, have warned users of ongoing exploitation campaigns. Akamai also added that it observed a “drastic increase” in scanning of potentially vulnerable NetScaler endpoints.
Now, CISA has also confirmed the reports of in-the-wild attacks.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” it said in a brief security advisory.
What is also interesting is the tight deadline CISA gave FCEB agencies to patch their endpoints. In general, agencies have 21 days to apply the patch or stop using the affected software entirely. In this case, the deadline was just 24 hours.
Citrix has not yet unequivocally stated that the flaw is being exploited. However, it urged everyone to apply the patch without delay.
Via TechCrunch