Breachroad

CitrixBleed 2 (CVE-2025-5777): a gateway memory leak

CVE-2025-5777 let attackers pull session tokens from Citrix NetScaler gateways, bypassing MFA. We analyse CitrixBleed 2 and the defence.

Karol Rapacz
25 June 2025 · 9 min read

Security history loves to repeat itself. In 2023 the “CitrixBleed” vulnerability (CVE-2023-4966) in Citrix NetScaler gateways let attackers pull session tokens from the device’s memory and was mass-exploited by ransomware groups. In 2025 its spiritual successor arrived: CVE-2025-5777, immediately dubbed CitrixBleed 2. The same class of bug, the same kind of internet-facing device, the same catastrophic consequence — session takeover that bypasses authentication. And, unfortunately, the same mass-exploitation scenario.

What the memory leak is

CitrixBleed 2 is an out-of-bounds read vulnerability — a bug where the application reads more data from memory than it should. A specially crafted request to a NetScaler appliance configured as a Gateway or AAA virtual server made the device return fragments of its own memory in the response. And that memory held the most valuable thing on the box: the session tokens of currently logged-in users.

The consequence is brutally simple: with a valid session token, the attacker takes over a logged-in user’s session without knowing their password and without going through MFA. Authentication already happened; the token is its fruit, and stealing it is enough. It’s exactly the same mechanic as OAuth token theft — a strong login doesn’t protect anything that operates after the login.

Repeated querying let attackers harvest more chunks of memory, so the attack scaled into a token harvest from an actively used gateway.

Why VPN/gateway appliances are a favourite target

Edge devices — VPN gateways, NetScalers, remote-access concentrators — hold unique value for an attacker because they combine three traits: they’re internet-facing (reachable by anyone), they’re a gateway to the internal network (everything is behind them), and they’re often poorly monitored (treated like a “vendor box”, not a server to watch). That’s why 2025 brought a whole series of critical flaws in such devices — from Ivanti and Fortinet to Citrix. Ransomware groups treat them as a preferred entry route, because one flaw gives them an immediate foothold inside.

Defence: the patch is only the beginning

CitrixBleed 2 teaches that with vulnerabilities that leak secrets, patching alone doesn’t end the incident:

Patch immediately — these are internet-facing gateways. Edge devices need the shortest patch windows in the whole organisation. CISA mandated urgent updates and added CVE-2025-5777 to the KEV catalogue; mass exploitation started fast.

Terminate all active sessions. This is the crucial step many skip. If tokens could have leaked before the patch, patching alone doesn’t invalidate the already-stolen sessions — you must force logout of everyone (kill sessions) after the update. Otherwise an attacker with a previously obtained token keeps operating despite the fix.

Hunt for traces, assuming compromise. Review gateway logs for unusual sessions, impossible-travel logins, out-of-pattern admin activity. It’s standard incident response: with a 0-day under mass exploitation the question is “have we already been taken over”, not “are we vulnerable”.

Reduce exposure for the future. Gateway admin panels should never be reachable from the whole internet; remote access is worth supplementing with phishing-resistant MFA and segmentation, so that taking over the gateway doesn’t immediately mean access to everything (Zero Trust).

Frequently asked questions (FAQ)

We have MFA on remote access. Did CitrixBleed 2 miss us? No, if the gateway was vulnerable and unpatched in the exposure window. A stolen session token represents an already authenticated user, so it bypasses MFA by definition. That’s why MFA alone isn’t enough against this class of flaw — what counts is fast patching and session invalidation.

We patched. Is anything else needed? Yes — terminate all active sessions after the update. Without it, tokens stolen before the patch still work. It’s the most common mistake with this vulnerability: “patched” doesn’t mean “safe” until you invalidate potentially stolen sessions.

How do we check whether someone exploited the flaw at our organisation? Analyse gateway logs for repeated, unusual requests in the exposure window and user sessions from unusual locations/devices. The traces can be subtle — with reasonable suspicion it’s worth commissioning a forensic analysis.
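The two log signals named in the “Hunt for traces” step and in this FAQ answer (repeated, unusual requests in the exposure window, and a session turning up from a different source than the one that authenticated it) as an added Python example, not code from the original post or from Citrix. The log format, the exposure window and the sample lines are all constructed for illustration; a real NetScaler log would need its own parser.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample, in a simplified format that is NOT NetScaler's own:
# <ISO time> <source IP> <country> <user or -> <session id or -> <path>
SAMPLE_LOGS = """\
2025-06-20T10:00:01 203.0.113.5 PL alice SESS-A1 /login
2025-06-20T10:00:09 203.0.113.5 PL alice SESS-A1 /vpn/home
2025-06-20T10:02:00 198.51.100.7 NL - - /login
2025-06-20T10:02:01 198.51.100.7 NL - - /login
2025-06-20T10:02:02 198.51.100.7 NL - - /login
2025-06-20T10:02:03 198.51.100.7 NL - - /login
2025-06-20T10:05:00 198.51.100.7 NL alice SESS-A1 /vpn/home
2025-06-20T10:06:00 203.0.113.9 PL bob SESS-B2 /login
2025-06-20T10:07:00 203.0.113.9 PL bob SESS-B2 /vpn/home
"""
# Placeholder exposure window (assumed): the period the gateway ran unpatched.
EXPOSURE_START, EXPOSURE_END = datetime(2025, 6, 17), datetime(2025, 6, 26)

def parse(lines):
    """Yield (time, ip, country, user, session, path) for each non-empty line."""
    for line in lines.splitlines():
        if line.strip():
            ts, ip, country, user, session, path = line.split()
            yield datetime.fromisoformat(ts), ip, country, user, session, path

def repeated_auth_requests(lines, threshold=4, within=timedelta(minutes=1)):
    """Source IPs hitting the auth endpoint `threshold` times inside `within` during the window."""
    hits = defaultdict(list)
    for ts, ip, _, _, _, path in parse(lines):
        if path == "/login" and EXPOSURE_START <= ts <= EXPOSURE_END:
            hits[ip].append(ts)
    flagged = []
    for ip, times in hits.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= within
               for i in range(len(times) - threshold + 1)):
            flagged.append(ip)
    return flagged

def session_source_changes(lines):
    """Sessions later used from a different IP/country than the one that created them."""
    origin, findings = {}, []
    for ts, ip, country, user, session, _ in parse(lines):
        if session == "-":
            continue
        if session not in origin:
            origin[session] = (ip, country)
        elif origin[session] != (ip, country):
            # a replayed stolen token shows up exactly like this
            findings.append((session, user, origin[session], (ip, country), ts))
    return findings
```

Both checks are heuristics: tune the threshold to the gateway’s normal traffic, and treat a session-source change as a lead for forensic follow-up rather than proof of compromise.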

Why do the same bugs keep recurring in gateways? Because they’re complex devices parsing untrusted internet traffic — an ideal environment for memory-handling bugs. The recurrence (CitrixBleed → CitrixBleed 2) shows it’s not enough to patch one instance; you need a fast patching and monitoring process for the whole class of edge devices.

How do we prepare for the next such flaw? Short patch windows for internet-facing systems, an edge-device inventory, monitoring of their logs and a rehearsed playbook (patch → kill sessions → threat hunting). An external-infrastructure penetration test shows what you actually expose and how fast you can respond.

Summary

CitrixBleed 2 (CVE-2025-5777) is a reminder of two truths at once: edge devices are a priority target, and vulnerabilities that leak session tokens bypass even good MFA. The defence isn’t just the patch but also invalidating all sessions and actively hunting for traces of compromise. If you run VPN/gateway appliances and want to know how quickly you respond to such a scenario — let’s check it together.


Sources and further reading: Citrix Security Bulletins, CISA KEV.
