Critical CitrixBleed 2 vulnerability has been under active exploit for weeks
A critical vulnerability in Citrix network management devices, tracked as CVE-2025-5777, is being actively exploited by hackers to bypass multifactor authentication, contrary to vendor advisories. It is similar to CVE-2023-4966, known as CitrixBleed, which previously led to the compromise of 20,000 Citrix devices. Companies affected by CitrixBleed include Boeing, DP World, Commercial Bank of China, and Comcast, where data belonging to 36 million Xfinity customers was stolen. The vulnerability affects Citrix’s NetScaler devices, causing them to leak memory contents when they receive modified requests over the Internet.