Tenable’s Research Special Operations (RSO) team has compiled a blog to answer Frequently Asked Questions (FAQ) regarding CVE-2025-5777 and CVE-2025-6543, two Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild. 

CVE-2025-5777 is an out-of-bounds read vulnerability affecting Citrix NetScaler ADC and Gateway. Successful exploitation of this vulnerability would allow an attacker to read memory on an affected device, giving the attacker access to sensitive data including session tokens. These session tokens can be used to bypass multi-factor authentication (MFA) and allow the attacker to take over an authenticated session. This flaw has been dubbed as “CitrixBleed 2” due to its similarities to CVE-2023-4966, also known as CitrixBleed.

CVE-2025-6543 is a denial-of-service (DoS) vulnerability resulting from a memory overflow issue. At present time, reports indicate that both of these vulnerabilities have been exploited in the wild.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.