Ongoing intrusions involving the CitrixBleed 2 vulnerability, tracked as CVE-2025-5777, were discovered by the Shadowserver Foundation to potentially compromise 3,312 Citrix NetScaler appliances almost two months following the issuance of patches, according to BleepingComputer.
Threat actors could harness the out-of-bounds memory read flaw to exfiltrate session tokens and credentials that could be leveraged for subsequent user session takeovers and multi-factor authentication evasion. On the other hand, more than 4,100 NetScaler instances remain vulnerable to the critical memory overflow issue, tracked as CVE-2025-6543. Attacks with CVE-2025-6543 were reported by the Dutch National Cyber Security Centre to have impacted several critical infrastructure entities across the Netherlands since May. "The NCSC assesses the attacks as the work of one or more actors with an advanced modus operandi. The vulnerability was exploited as a zero-day, and traces were actively removed to conceal compromise at affected organizations," said the NCSC.
Threat actors could harness the out-of-bounds memory read flaw to exfiltrate session tokens and credentials that could be leveraged for subsequent user session takeovers and multi-factor authentication evasion. On the other hand, more than 4,100 NetScaler instances remain vulnerable to the critical memory overflow issue, tracked as CVE-2025-6543. Attacks with CVE-2025-6543 were reported by the Dutch National Cyber Security Centre to have impacted several critical infrastructure entities across the Netherlands since May. "The NCSC assesses the attacks as the work of one or more actors with an advanced modus operandi. The vulnerability was exploited as a zero-day, and traces were actively removed to conceal compromise at affected organizations," said the NCSC.
