Pular para o conteúdo principal
Close
Security

CitrixBleed 2: Same Binary, Same Bug, Same Leaked Memory

Gabriel Ferraresi· CEO | Tech86July 12, 20264 min
securitycitrixbleednetscalermfa-bypasssession-hijackingcisa-kevwafedr
  1. CitrixBleed. Buffer over-read in the NetScaler nsppe binary. NSC_AAAC tokens leaked from memory. MFA bypassed. LockBit 3.0 compromised Boeing and ICBC. Two years later, the same binary. Same class of bug. Same impact. We have tracked this pattern since the first wave and it repeats with a precision that should no longer surprise — yet still does.

CitrixBleed 2: the same bug, two years later

CitrixBleed 2, CVE-2025-5777, CVSS 9.3 — coined by Kevin Beaumont in June 2025 — is the direct continuation of the 2023 incident. The endpoint changed: doAuthentication.do instead of openid-configuration. The mechanism changed: uninitialized variable instead of snprintf return misuse. What did not change is what matters: the NSC_AAAC token in memory leaks, the session is hijacked, and MFA becomes irrelevant after the token was issued.

The bug class is the same: buffer over-read in the NetScaler nsppe binary. Memory that should be discarded is read and exposed in the HTTP response. The attacker does not need to break encryption — they read the token straight from the appliance's memory. MFA protected authentication, but once the token exists, it is the only thing that matters. And the token is in memory, readable.

The historical parallel is exact. In 2023, the original CitrixBleed (CVE-2023-4966) let attackers read NSC_AAAC tokens out of nsppe's memory and hijack authenticated sessions. LockBit 3.0 used that access to compromise Boeing and ICBC — two of the largest breaches of the year. CitrixBleed 2 is the same story with a new CVE number: same binary, same memory leak, same session hijacking, same MFA bypass after token issuance.

The twist that changes everything: patching does not fix it

The detail that separates CitrixBleed 2 from an ordinary vulnerability is that patching does not resolve it. Tokens stolen before the patch remain valid after it. The hijacked session survives the upgrade. The attacker who captured the NSC_AAAC token the week before the patch keeps access even after the appliance is updated.

It is mandatory to terminate all active sessions: kill aaa session -all, kill icaconnection -all, RDP, SSH, PCoIP. Rotate RADIUS, LDAP, SAML. The patch is the beginning of remediation, not the end. Treating the upgrade as the finish line is the mistake that keeps the door open for the attacker who is already inside — and who is now inside with a token that the patch itself does not invalidate.

The scale: 5,000+ endpoints, 24% unpatched

According to threat intel data, more than 5,000 endpoints remain exposed. According to threat intel data, 24% remained unpatched after one month. CISA added CVE-2025-5777 to the KEV on July 10 with a due date of one day — a deadline that signals maximum urgency and leaves little room for hesitation.

Threats already use CitrixBleed 2 as initial access. According to threat intel, Anubis, DragonForce, and RansomHub have been observed exploiting the vulnerability. The NetScaler webserver does not log the vulnerable endpoint, so detection depends on external telemetry — not the appliance's own logs. Anyone relying solely on NetScaler logs to detect exploitation is blind by design.

Defense in layers: why a single control is not enough

What protects is layers. WAF with virtual patching at the edge blocks the malformed POST before nsppe, since Citrix's own WAF does not detect it — a product limitation that leaves the appliance unprotected against its own bug. EDR with automatic isolation contains the attacker when pivoting from the VPN to the domain. SOC 24/7 responds at dawn, when the memory spray happens. Zero Trust validates the session continuously instead of treating the token as trusted. Red Team simulates the kill chain before the real attacker.

No single layer solves it. The WAF blocks the initial exploitation. The EDR contains lateral movement. The SOC detects anomalous behavior outside business hours. Zero Trust invalidates the stolen session when context changes. The Red Team validates that the set works before the real incident. The failure of any layer is contained by the others — it is the defense in depth principle applied to a bug that survives the patch.

The pattern that repeats since 2023

We have watched this pattern repeat since 2023. A perimeter appliance with a memory bug. A token that survives the patch. An attacker who treats the VPN as the doorway to the domain. The difference between 2023 and 2025 is the CVE's name — the mechanics are the same, and the remediation that worked in the first wave remains valid in the second.

At Tech86, this architecture lives in Perimeter Hardening, in EDR/XDR with SOC 24/7, in Offensive Security, and in Security and Compliance. It is the pattern we have applied since the first CitrixBleed wave and that remains valid against the second — because the bug changed names, but layered defense did not change principle.

Conclusion

The patch is the beginning of remediation, not the end. Terminating sessions, rotating credentials, blocking the POST at the edge, isolating the endpoint, monitoring 24/7, and validating the session continuously — that is the set that closes the door CitrixBleed 2 opens. We help companies build exactly this architecture before the attacker builds theirs.

Need expert guidance?

Schedule a consultation with our specialists.

Perimeter Hardening and WAF

Frequently Asked Questions

CitrixBleed 2 is CVE-2025-5777, CVSS 9.3, coined by Kevin Beaumont in June 2025. Like the 2023 CitrixBleed, it is a buffer over-read in the NetScaler nsppe binary that leaks NSC_AAAC tokens from memory. The endpoint changed (doAuthentication.do instead of openid-configuration) and the mechanism changed (uninitialized variable instead of snprintf return misuse), but the impact is the same: session hijacking with MFA irrelevant after the token was issued.

Tokens stolen before the patch remain valid after it. The hijacked session survives the upgrade because the already-issued NSC_AAAC token keeps being accepted by the appliance. That is why it is mandatory to terminate all active sessions (kill aaa session -all, kill icaconnection -all, RDP, SSH, PCoIP) and rotate RADIUS, LDAP, and SAML. The patch is the beginning of remediation, not the end.

The NetScaler webserver does not log the vulnerable endpoint (doAuthentication.do), so exploitation does not appear in the appliance's own logs. Detection depends on external telemetry — WAF at the edge, EDR on endpoints, SIEM correlating VPN traffic with lateral movement. Without layers external to the NetScaler, the attacker exploits, steals the token, and pivots without leaving a trace in the appliance's logs.

According to threat intel data, Anubis, DragonForce, and RansomHub already use CitrixBleed 2 as initial access. CISA added CVE-2025-5777 to the KEV on July 10 with a due date of one day, signaling maximum urgency. According to threat intel data, more than 5,000 endpoints remain exposed and 24% remained unpatched after one month.

The full process is: apply the patch, terminate all active sessions (kill aaa session -all, kill icaconnection -all, RDP, SSH, PCoIP), rotate RADIUS, LDAP, and SAML, deploy WAF with virtual patching at the edge (since Citrix's own WAF does not detect the malformed POST), EDR with automatic isolation to contain the pivot from VPN to domain, SOC 24/7 to respond to the memory spray at dawn, and Zero Trust to validate the session continuously instead of treating the token as trusted.

Blog — Get in Touch

Have a question about our articles or services? Our team is ready to help.

Schedule a Meeting

Book a time slot.

Schedule Now

Email

Send us a message.

[email protected]

WhatsApp

Quick conversation.

Address

Avenida Paulista, 1636 - São Paulo - SP - 01310-200

Tech86 Specialist

Online now

Hello! How can we help scale your business today?

Tech86 Engineering

We Value Your Privacy

We use cookies and similar technologies to optimize your experience, analyze site traffic, and personalize content. By clicking "Accept All", you agree to the use of all cookies. Read our Privacy Policy.