🚨 This repository contains authorized testing tools for the critical Citrix Gateway vulnerability CVE-2025-5777, known as CitrixBleed v2.
It enables memory leak triggering and session replay validation. Use responsibly and only on systems you own or are permitted to test.
CitrixBleed v2 is an out-of-bounds memory leak vulnerability in Citrix Gateway and ADC, triggered via an oversized HTTP Host header. It can lead to leakage of session cookies (NSC_*), which may be used to bypass authentication.
This repo contains:
- A PoC for leaking memory from vulnerable endpoints
- A validator to test leaked session cookies
- A combined tool that performs both actions
citrixbleed_leak.py
🔍 Function: Sends a specially crafted request with a large Host header to trigger the memory leak via /nf/auth/startwebview.do.
📦 Output:
- Saves raw response to leak_output.bin
- Extracts NSC_* session cookies from the binary data
🛠 Usage:
python3 citrixbleed_leak.py https://target-gateway
citrixbleed_replay.py
🔐 Function: Validates whether a leaked session is still active by submitting NSC_USER and NSC_TASS cookies to /vpn/index.html.
🛠 Usage:
python3 citrixbleed_replay.py https://target-gateway NSC_USER_val NSC_TASS_val
citrixbleed_combined.py
🧪 Function: One-click PoC that:
- Triggers the memory leak
- Extracts cookies
- Attempts session replay using leaked values
📦 Output:
- leak_output.bin: raw leaked memory
- Prints extracted cookies and login status
🛠 Usage:
python3 citrixbleed_combined.py https://target-gateway
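A defender-side detection sketch, added here and not part of this repository's tooling: it scans proxy or WAF log lines for the two behaviours the tools above produce, an oversized Host header sent to /nf/auth/startwebview.do and the same NSC_USER/NSC_TASS cookie pair presented from more than one client address. The key=value log format, the host_len field and the sample lines are constructed assumptions, not Citrix's log format.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an assumed key=value proxy format (not real traffic).
SAMPLE_LOG = [
    'src=203.0.113.5 path=/nf/auth/startwebview.do host_len=24 cookie=-',
    'src=198.51.100.7 path=/nf/auth/startwebview.do host_len=5120 cookie=-',
    'src=198.51.100.7 path=/vpn/index.html host_len=22 cookie="NSC_USER=u1;NSC_TASS=t1"',
    'src=203.0.113.5 path=/vpn/index.html host_len=22 cookie="NSC_USER=u1;NSC_TASS=t1"',
    'src=192.0.2.9 path=/vpn/index.html host_len=22 cookie="NSC_USER=u2;NSC_TASS=t2"',
]

LEAK_PATH = "/nf/auth/startwebview.do"  # endpoint named in this README
MAX_HOST_LEN = 253                      # a valid DNS hostname never exceeds 253 characters

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def session_pair(cookie_field):
    """Return the (NSC_USER, NSC_TASS) pair from a Cookie header value, or None."""
    jar = dict(c.split("=", 1) for c in cookie_field.split(";") if "=" in c)
    if "NSC_USER" in jar and "NSC_TASS" in jar:
        return (jar["NSC_USER"], jar["NSC_TASS"])
    return None

def detect(lines, max_host_len=MAX_HOST_LEN):
    """Return findings: oversized Host headers to the leak endpoint, and
    NSC_USER/NSC_TASS pairs presented from more than one client address."""
    findings = []
    seen_from = defaultdict(set)  # (NSC_USER, NSC_TASS) -> set of source IPs
    for raw in lines:
        rec = parse_line(raw)
        if rec.get("path") == LEAK_PATH and int(rec.get("host_len", 0)) > max_host_len:
            findings.append(("oversized_host", rec["src"], int(rec["host_len"])))
        pair = session_pair(rec.get("cookie", ""))
        if pair:
            seen_from[pair].add(rec["src"])
    for pair, srcs in seen_from.items():
        if len(srcs) > 1:
            findings.append(("session_reuse", pair[0], sorted(srcs)))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The session-reuse check only flags a pair once the same cookies arrive from a second address, so a replayed session that happens to come from the original client's IP would need a different signal.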
This tool is provided for educational and authorized security testing purposes only. Unauthorized scanning or exploitation of systems you do not own or have explicit permission to test is illegal and against the terms of use.
Maintained by illdeed for research and responsible disclosure.