BleepingComputer reports that vulnerable Citrix NetScaler ADC and Gateway systems impacted by the critical CitrixBleed 2 flaw, tracked as CVE-2025-5777, were subjected to attacks almost two weeks before the release of proof-of-concept exploits on July 4.
Threat actors with China-based IP addresses began exploiting CitrixBleed 2 on June 23, according to GreyNoise, which was able to monitor previous attempted abuse of the flaw after adding a tag on July 7. Intrusions involving the security issue, which stems from inadequate input validation and could allow the delivery of malformed POST requests to affected devices, prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog last week, with the agency urging federal agencies to remediate the bug within 24 hours. However, Citrix acknowledged active exploitation only belatedly, providing indicators of compromise for CitrixBleed 2 only earlier this week.




