CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds

Citrix published advisories for two critical NetScaler vulnerabilities—CVE-2025-6543 (DoS, actively exploited) and CVE-2025-5777 (out-of-bounds read dubbed “Citrix Bleed 2” that exposes session tokens allowing MFA bypass and session hijacking). ReliaQuest reports indicators consistent with exploitation (hijacked sessions, session reuse across IPs, LDAP queries, ADExplorer64 activity), and Citrix recommends immediate patching to specified versions, terminating active sessions, restricting access via ACLs/firewalls, and monitoring for anomalous session behavior.