
Exploit details released for Citrix Bleed 2 flaw affecting NetScaler




This has prompted confusion within the security community as to which flaw is being targeted by attackers, CVE-2025-5777 or CVE-2025-6543, or both. IoCs for CVE-2025-6543 are available on request from the Citrix Cloud Software Group, but there was no such information for CVE-2025-5777 until this week, given that Citrix hasn’t seen any evidence of active exploits.

Researchers from security firms watchTowr and Horizon3.ai have independently reverse-engineered the patches and have published analyses and IoCs for the vulnerability they believe to be CVE-2025-5777, with the goal of helping organizations develop detections amid the confusion.

“We have been actively engaged behind the scenes, sharing information and reproducers with the watchTowr Platform user base, who depend on our expertise to quickly determine their exposure, and numerous industry bodies to do our part in a broader global response,” researchers from watchTowr wrote in their in-depth report. “We have been led to believe that information sharing in the form of IoCs, exploitation artefacts, and additional items that may be useful for Citrix NetScaler end users has been … ‘minimal,’ which places these users in a difficult position when figuring out if they need to sound an internal alarm.”