Researchers have released proof-of-concept exploits for CitrixBleed2 (CVE-2025-5777), a vulnerability in Citrix NetScaler devices that can allow attackers to steal user session tokens through malformed POST requests. Despite Citrix's claims that the flaw is not actively exploited, evidence from cybersecurity experts suggests that attacks have been occurring since mid-June. Organizations are urged to apply patches immediately to mitigate the risk.
Over 1,200 Citrix NetScaler ADC and Gateway appliances remain unpatched against the critical CVE-2025-5777 vulnerability, which allows attackers to hijack user sessions and bypass authentication. Despite Citrix's assertion that there is no evidence of exploitation, cybersecurity firms report medium confidence that the flaw is being actively targeted. Administrators are urged to apply patches and monitor for suspicious activity on their systems.