3 links
tagged with all of: vulnerability + cybersecurity + citrix
Links
A critical vulnerability in Citrix NetScaler, tracked as CVE-2025-6543, has been exploited to breach multiple critical organizations in the Netherlands, allowing attackers to achieve remote code execution. The Netherlands' National Cyber Security Centre warns that the flaw, initially thought to cause denial of service attacks, has been actively exploited since early May, with successful attacks resulting in the erasure of evidence. Organizations are urged to upgrade their systems to mitigate risks associated with this zero-day vulnerability.
Researchers have released proof-of-concept exploits for the CitrixBleed2 vulnerability (CVE-2025-5777) affecting Citrix NetScaler devices, which can allow attackers to steal user session tokens through malformed POST requests. Despite Citrix's claims that the flaw is not actively exploited, evidence from cybersecurity experts suggests that attacks have been occurring since mid-June. Organizations are urged to apply patches immediately to mitigate the risk.
Over 1,200 Citrix NetScaler ADC and Gateway appliances remain unpatched against the critical CVE-2025-5777 vulnerability, which allows attackers to hijack user sessions and bypass authentication. Despite Citrix's assertion that there is no evidence of exploitation, cybersecurity firms report medium confidence that the flaw is being actively targeted. Administrators are urged to apply patches and monitor for suspicious activity on their systems.