
The cybersecurity community is once again sounding the alarm over a new vulnerability in Citrix NetScaler devices: this time, it’s CVE-2025-5777, also dubbed CitrixBleed 2. Following in the footsteps of the high-profile CitrixBleed vulnerability (CVE-2023-4966) disclosed in 2023, this newly discovered flaw allows attackers to exploit NetScaler devices to leak sensitive memory content, potentially including session tokens, credentials, or even administrative secrets. In this blog, we’ll explain how this vulnerability works, what we’ve seen so far in the wild, and how organizations using Imperva solutions are already protected.

What Is CVE-2025-5777 and How Does It Work?

CVE-2025-5777 is a pre-authentication remote memory disclosure vulnerability affecting Citrix NetScaler ADC and Gateway appliances. Assigned a CVSS score of 9.3, this vulnerability enables attackers to leak sensitive memory content by sending specially crafted HTTP requests to a vulnerable Citrix endpoint.

At the heart of the flaw is a programming error related to uninitialized memory usage. Specifically, the vulnerability resides in the /p/u/doAuthentication.do endpoint, which handles authentication requests on NetScaler appliances. By sending a malicious HTTP POST request that includes the login parameter, without an accompanying value or equals sign, attackers can trigger the vulnerability.

Here’s how it works in practice: An attacker sends an HTTP POST request to /p/u/doAuthentication.do with a…
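As an added example (not from the original post or from Imperva), the request shape described above, a POST to /p/u/doAuthentication.do whose body carries `login` with no equals sign and no value, can be checked for in captured traffic. It assumes request bodies are available from a proxy or WAF capture; the record layout and sample values are constructed.

```python
from urllib.parse import unquote_plus, urlsplit

ENDPOINT = "/p/u/doAuthentication.do"  # endpoint named in the article


def bare_login_param(body: str) -> bool:
    """True if the form body carries a `login` field with no '=' and no value."""
    # parse_qsl(keep_blank_values=True) reports "login" and "login=" identically,
    # so the fields are split by hand to keep that distinction.
    for field in body.split("&"):
        if "=" not in field and unquote_plus(field).strip() == "login":
            return True
    return False


def is_suspicious(method: str, target: str, body: str) -> bool:
    """Flag a POST to the authentication endpoint with a bare `login` parameter."""
    if method.upper() != "POST":
        return False
    if urlsplit(target).path != ENDPOINT:  # ignore any query string
        return False
    return bare_login_param(body)


# Constructed sample records (not real traffic); the field layout is an assumption.
SAMPLE_REQUESTS = [
    {"src": "192.0.2.10", "method": "POST", "target": ENDPOINT, "body": "login=alice&other=x"},
    {"src": "192.0.2.44", "method": "POST", "target": ENDPOINT, "body": "login"},
    {"src": "192.0.2.45", "method": "POST", "target": ENDPOINT + "?a=1", "body": "foo=bar&login"},
    {"src": "192.0.2.11", "method": "POST", "target": ENDPOINT, "body": "login=&other="},
    {"src": "192.0.2.12", "method": "GET", "target": ENDPOINT, "body": ""},
    {"src": "192.0.2.13", "method": "POST", "target": "/other", "body": "login"},
]


def flagged_sources(records):
    """Return the source addresses of records that match the pattern."""
    return [r["src"] for r in records
            if is_suspicious(r["method"], r["target"], r["body"])]


if __name__ == "__main__":
    for src in flagged_sources(SAMPLE_REQUESTS):
        print("review:", src)
```

A match is a lead for review rather than proof of memory disclosure, since the check only looks at the request shape.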