Researchers have released proof-of-concept exploits for CitrixBleed2 (CVE-2025-5777), a vulnerability in Citrix NetScaler devices that can allow attackers to steal user session tokens through malformed POST requests. Although Citrix claims the flaw is not being actively exploited, evidence from cybersecurity experts suggests that attacks have been occurring since mid-June. Organizations are urged to apply patches immediately to mitigate the risk.