This has created confusion in the security community which defects are being targeted by the attackers, CVE-2025-5777 or CVE-2025-6543, or both. IOCS CITRIX clouds for CVE-2025-6543 are available at request from the software group, but no such information has been given for CVE-2025-5777 by this week, given that Citrix has not seen any evidence of active feats.
Researchers with safety firms watcher and horizon.
Researchers at Watchtower wrote Watchtower researchers, “We are actively connected behind the curtain, the Watchtower platforms share information and reproduction with the user user base, which rely to determine their exposure fast on our technology, and many industries bodies to share their share in a wide global response,” Their intensive report“We have been motivated to believe that IOCs, sharing information in the form of exploitation artifacts, and more items, which will be helpful for Citrix Netscaler end users …” minimal, “which keeps these users in a difficult position when it needs to determine whether they need to have an internal alarm sound.”
