Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public
ATT&CK techniques detected
T1190Exploit Public-Facing Application
88%
"exploitation of citrixbleed 2 ( cve - 2025 - 5777 ) began before poc was public greynoise has observed active exploitation attempts against cve - 2025 - 5777 ( citrixbleed 2 ), a memory overread vulnerability in citrix netscaler. exploitation began on june 23 — nearly two weeks b…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.