Citrix shipped CitrixBleed again
Citrix shipped the same pre-auth memory disclosure bug class it patched in 2023. Same binary, same attack surface, same session token leakage. Its own post-patch guidance still doesn't invalidate the tokens attackers actually steal.
watchTowr titled their advisory “How Much More Must We Bleed?” It is a fair question. CVE-2025-5777 is structurally identical to CVE-2023-4966, the original CitrixBleed, which LockBit used to breach Boeing. Same product, same binary, same pre-auth attack surface, same bug class, same consequence: unauthenticated attackers harvest session tokens from memory and bypass MFA entirely. Two years between disclosures. Citrix’s own post-patch guidance for the new one still doesn’t invalidate the tokens attackers actually steal. The fix for the original had the same gap, and Mandiant published detailed remediation at the time. Citrix apparently didn’t read it either.
What leaked and how
The vulnerability is an uninitialized variable in the nsppe binary, specifically at the /p/u/doAuthentication.do endpoint. A malformed POST request containing a login key with no value causes the binary to return approximately 127 bytes of uninitialized stack memory per request. That memory contains active session tokens, nsroot administrator tokens, and in some cases plaintext credentials. CWE-125 (out-of-bounds read) and CWE-457 (use of uninitialized variable). CVSS 9.3 under v4, 7.5 under v3.1.
No credentials required. No user interaction. Pre-authentication. Bypasses MFA entirely because the attacker never authenticates; they harvest tokens from processes that already did.
The original CitrixBleed, CVE-2023-4966, worked the same way. Memory handling error in nsppe. Pre-auth endpoint. Session tokens in the leaked bytes. MFA bypass by design. The fix for CVE-2025-5777 is buffer-zeroing code and a conditional bitwise check. This is a point fix for one instance of a systemic problem, applied to a binary that has produced eight instances in 30 months.
The session-kill gap
Citrix’s remediation guidance tells administrators to run kill icaconnection -all and kill pcoipConnection -all after patching. Horizon3.ai found that NSC_AAAC cookies, the authentication session cookies that attackers actually steal, are not invalidated by those commands. Patching and following Citrix’s own guidance leaves stolen tokens valid.
This is the same incomplete remediation that plagued CitrixBleed 1 in 2023. Mandiant published detailed guidance at the time explaining that all active sessions needed to be rotated. Two years later, Citrix ships the same failure mode with the same incomplete post-patch instructions. If you’re keeping score: the vendor advisory for a session-token-leaking vulnerability does not tell you to invalidate session tokens.
If you have patched but only ran the commands Citrix recommended, you have not finished remediating.
The CVE ledger
Not a one-off. A pattern with timestamps.
CVE-2023-3519 (July 2023): Remote code execution in NetScaler ADC and Gateway. Memory handling. Pre-auth. CISA emergency directive.
CVE-2023-4966 (October 2023): CitrixBleed. Memory disclosure in NetScaler. Pre-auth. LockBit used it to breach Boeing. Tens of thousands of appliances remained unpatched weeks after disclosure.
CVE-2023-6548 and CVE-2023-6549 (January 2024): Two more zero-days in NetScaler. Both exploited in the wild at disclosure.
CVE-2025-5777 (June 2025): CitrixBleed 2. Memory disclosure. Pre-auth. Same binary, same endpoint class, same token leakage. RansomHub attributed. Zero-day exploitation began mid-June, roughly two weeks before the public proof-of-concept dropped on July 4.
CVE-2025-7775, CVE-2025-7776, CVE-2025-8424 (later 2025): Three more memory handling vulnerabilities in NetScaler. The assembly line continued.
Eight CVEs in 30 months. All memory handling defects. All in the unauthenticated Gateway path. All in the same product line. Cloud Software Group, Citrix’s parent company, signed CISA’s Secure by Design pledge. There is no public roadmap for a memory-safe rewrite of nsppe. The pledge is a press release. The CVE ledger is the product.
The exploitation math
Zero-day exploitation of CVE-2025-5777 began in mid-June 2025. CISA added it to the Known Exploited Vulnerabilities catalog on July 10. Imperva reported 11.5 million attack attempts. Censys identified 69,000 exposed NetScaler instances globally. Financial services absorbed 39.1% of targeting.
RansomHub, the group linked to early exploitation IPs by CISA, ran the same playbook LockBit used in 2023: harvest tokens, hijack sessions, move laterally, deploy ransomware. LockBit’s version worked because organizations patched but didn’t rotate sessions. RansomHub’s version works for the same reason, two years later, because Citrix’s own guidance still doesn’t cover session rotation comprehensively. The ransomware groups are learning from prior campaigns faster than the vendor is learning from prior CVEs.
What you should actually do
Patch immediately. NetScaler ADC and Gateway 14.1: update to 14.1-47.46 or later. NetScaler 13.1: update to 13.1-59.19 or later. NetScaler 13.1-FIPS/NDcPP: update to 13.1-37.236 or later. NetScaler 12.1-FIPS: update to 12.1-55.328-FIPS.
If you are running 12.1 or 13.0 non-FIPS: no patch exists. Those versions are end-of-life. Upgrade or disconnect from the network. There is no third option.
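As an added example (not part of this note, and not a Citrix tool), the script below turns the fixed builds listed above into an inventory check: it parses NetScaler build strings in the bulletin format (e.g. 14.1-47.46), flags the end-of-life 12.1 and 13.0 non-FIPS branches as having no fix, and groups a constructed sample inventory by status. It assumes NDcPP builds share the 13.1-FIPS fix line, since the guidance groups them together.

```python
import re

# Fixed builds from the patch guidance above, keyed by branch; 12.1 and 13.0
# non-FIPS are end-of-life and have no fixed build at all.
FIXED_BUILDS = {
    "14.1": (47, 46),
    "13.1": (59, 19),
    "13.1-FIPS": (37, 236),  # NDcPP builds mapped here too (assumption)
    "12.1-FIPS": (55, 328),
}
EOL_BRANCHES = {"12.1", "13.0"}
# Bulletin-style string: <release>-<build>.<minor>[-FIPS|-NDcPP]
_VER_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")

def parse_version(ver):
    """Return (branch, (build, minor)) for e.g. '14.1-43.56' or '13.1-37.207-FIPS'."""
    m = _VER_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {ver!r}")
    release, build, minor, variant = m.groups()
    branch = f"{release}-FIPS" if variant else release
    return branch, (int(build), int(minor))

def assess(ver):
    """Classify one build as patched / vulnerable / eol / unknown for CVE-2025-5777."""
    branch, build = parse_version(ver)
    if branch in EOL_BRANCHES:
        return "eol"          # no patch exists: upgrade or disconnect
    if branch not in FIXED_BUILDS:
        return "unknown"      # branch not covered by the bulletin
    return "patched" if build >= FIXED_BUILDS[branch] else "vulnerable"

def triage(inventory):
    """Group (host, version) pairs by status so the unpatched list is explicit."""
    groups = {"patched": [], "vulnerable": [], "eol": [], "unknown": []}
    for host, ver in inventory:
        groups[assess(ver)].append(host)
    return groups

# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE_INVENTORY = [
    ("gw-east", "14.1-47.46"),
    ("gw-west", "14.1-43.56"),
    ("gw-fips", "13.1-37.207-NDcPP"),
    ("gw-legacy", "13.0-92.21"),
    ("gw-dmz", "13.1-59.19"),
]
if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

A "patched" result only means the build is at or above the fixed one; the session invalidation and hunting steps that follow still apply.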
After patching, invalidate all sessions. Not just the ones Citrix’s guidance covers. All of them. Every active session, every stored token, every cookie. The kill icaconnection and kill pcoipConnection commands do not invalidate NSC_AAAC cookies. Reboot the appliance after patching to force a full session teardown.
Treat any sessions active since June 23 as potentially compromised. If you can’t confirm when exploitation began in your environment, assume it started when the zero-day campaign did. Hunt for lateral movement from the appliance. Check for new accounts, modified configurations, and unexpected outbound connections.
69,000 exposed instances is not an abstract number. It is a count of organizations whose network perimeter authentication device is reachable and running software with a known, exploited, pre-auth vulnerability. If your NetScaler is in that count, patching is not optional and it is not next quarter’s problem.
The pledge and the product
Citrix will eventually patch CVE-2025-5777 out of the headlines. The nsppe binary will still be written in a memory-unsafe language, processing unauthenticated input, on the network perimeter. The Secure by Design pledge says that should change. The CVE ledger says when.
PatchDay Alert tracks these patterns across vendors because individual CVEs age out of the news cycle but the structural problems that produce them do not. CitrixBleed 3 is not a question of whether. It’s a question of which quarter.
Sources
- NVD - CVE-2025-5777
- Citrix Security Bulletin CTX693420
- Horizon3.ai - CitrixBleed 2 Technical Analysis
- watchTowr Labs - How Much More Must We Bleed?
- CISA Known Exploited Vulnerabilities Catalog
- Imperva - CVE-2025-5777 Attack Telemetry
- Censys - NetScaler ADC Exposure Analysis
- Mandiant - CitrixBleed (CVE-2023-4966) Remediation Guidance