Over 1,200 Citrix NetScaler ADC and Gateway servers remain unpatched against a critical authentication bypass vulnerability (CVE-2025-5777) allowing attackers to hijack sessions and potentially bypass multi-factor authentication in active attacks.