CVE-2025-5777
Published Jun 17, 2025
Last updated 6 days ago
AI description
CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.
- Description
- Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- Source
- secure@citrix.com
- NVD status
- Analyzed
- Products
- netscaler_application_delivery_controller, netscaler_gateway
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
- Exploit added on
- Jul 10, 2025
- Exploit action due
- Jul 11, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
#VulnerabilityReport #ADC CitrixBleed 2: CVE-2025-5777 Joins CISA’s KEV Catalog Amid Active Exploitation Storm, PoC Available https://t.co/KZVMyiDlmv
@Komodosec
17 Aug 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5777: CitrixBleed 2 Exploit Deep Dive by https://t.co/YU9W61Uaqq https://t.co/CZVm7BREEL
@tbbhunter
16 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログが更新され、Citrix Netscaler ADC/Gatewayの脆弱性CVE-2025-5777がランサムウェア集団に悪用されたことが確認された。 https://t.co/
@__kokumoto
14 Aug 2025
1710 Impressions
0 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨 Nearly 7,000 Citrix NetScaler appliances vulnerable to critical flaws **CVE-2025-5777** and **CVE-2025-6543**. Remote access, data theft, and disruption of essential services. 🔗 [https://t.co/MpBm1GF3Rw\](https://t.co/Oqi0WELxNX) \#CyberSecurity #Canada #AgencePDN https
@AgencePdn
14 Aug 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Près de 7 000 Citrix NetScaler vulnérables aux failles critiques **CVE-2025-5777** et **CVE-2025-6543**. Accès à distance, vols de données et perturbations de services essentiels. 🔗 [https://t.co/MpBm1GF3Rw\](https://t.co/Oqi0WELxNX) #Cybersécurité #Canada #Agen
@AgencePdn
14 Aug 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Pennsylvania AG's systems down: cyberattack suspected ransomware! 🚨 Possible vector: CVE-2025-5777 in Citrix NetScaler. Is YOUR patch management robust? Protect your orgs! 🛡️ Read more: https://t.co/ca4L3BnIIW #CyberAttack #Ransomware #CitrixSecurity
@fernandokarl
13 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 3,300 Citrix NetScaler devices remain unpatched against critical CVE-2025-5777 and CVE-2025-6543 flaws, enabling session hijacking, MFA bypass, and data theft with active global exploitation reported. #CitrixBleed #CISA #USA https://t.co/P9e0QPAK04
@TweetThreatNews
12 Aug 2025
83 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 3,300 Citrix NetScaler devices remain unpatched against CitrixBleed 2 (CVE-2025-5777), leaving them open to session hijacking and ransomware attacks. Patch now—active exploitation is widespread. Details: https://t.co/BPs1VMJ0oa
@RedTeamNewsBlog
12 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises https://t.co/6Y8Cr0REYD #CyberSecurity #Vulnerability #CISA #Citrix #NetScaler https://t.co/rV1zSbgmI4
@blueteamsec1
9 Aug 2025
1940 Impressions
2 Retweets
10 Likes
0 Bookmarks
1 Reply
0 Quotes
CitrixBleed 2 (CVE-2025-5777) Mitigation: A Guide to Detecting Exposed Citrix NetScaler Assets | Criminal IP https://t.co/cSruWAXOVi
@akaclandestine
7 Aug 2025
479 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/al0BFlfqJR https://t.co/8BLQoJppUQ
@GavLarsen
5 Aug 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. Read @AWNetworks latest update here:https://t.co/fGqH5Vu9YS
@upgradeoptions
4 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#HackThePlanet #HackTheSystem #NoNWO #OpNWO #𝒜𝔫𝑜𝔫𝒚𝔪𝑜𝖚𝙨 I have found CVE-2025-5777, a critical memory disclosure vulnerability in Citrix NetScaler ADC/Gateway appliances in NWO sites . The exploit leaks sensitive memory content through malformed authent
@Lulz_BinBash
3 Aug 2025
140 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 [AUG 1] Daily #CyberThreats from #CyberDudeBivash 🛠️ Citrix CVE-2025-5777 (Data Leak) 💣 ShadowStrike SSH Botnet 🧠 Chrome V8 Zero-Day CVE-2025-6554 🎯 Malvertising on Edge/Firefox 🔗 https://t.co/CdDASZtiJu | https://t.co/QHCBMbYxeX #ThreatIntel #Infosec #
@Iambivash007
1 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. https://t.co/B6Djgl0RRU
@de_do20
1 Aug 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
1 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/gGEV8bdOGw https://t.co/CJyMgvoDqt
@oferguetta
31 Jul 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Citrix Bleed 2.0 (CVE-2025-5777 & CVE-2025-5349) Citrix has disclosed two critical vulnerabilities affecting NetScaler ADC and Gateway. Patch immediately to fixed builds as listed in CTX693420. https://t.co/E9MwaWRzQ3 https://t.co/4ymn1iIQtV
@CyberTitanLLC
31 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea
@FireCompass
31 Jul 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/KlV24bGBhK https://t.co/0MYX3tY2F4
@henryvillar
30 Jul 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Compartimos uno de los post más leidos este mes en nuestro blog: CVE-2025-5777 aka Citrix Bleed 2: Riesgo latente en infraestructura estratégica de Chile https://t.co/N6EWPXMZ36 https://t.co/pATcfflujt
@Cronup_CyberSec
30 Jul 2025
240 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
30 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. Read our latest update here: https://t.co/Y0zMeN8rWX
@AWNetworks
29 Jul 2025
208 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨【CitrixBleed2 / CVE-2025-5777】 Citrix NetScalerに深刻なメモリリーク脆弱性が発見され、PoCも公開済み。 Criminal IPで脆弱な機器の特定が可能です。 🔗 詳しくはこちら: https://t.co/rKtNUuKZNy #CitrixBleed2 #サイバーセキュ
@CriminalIP_JP
29 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨متاح PoC لـ #CVE-2025-5777 الآن. يتم استغلال الثغرة في ذاكرة Citrix NetScaler — دون الحاجة إلى مصادقة — بشكل نشط. 🔹الأهداف: Citrix NetScaler ADC/Gateway 🔹ما يكشفه: Tokens, API keys,
@CriminalIP_AR
29 Jul 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-5777 취약점을 악용한 실제 공격이 확산 중입니다. Citrix NetScaler의 메모리 릭 취약점이 인증 없이 악용 가능하며, 현재 실사용 공격이 포착되고 있습니다. 🔹 대상: Citrix NetScaler ADC / Gateway 🔹 노출 위험:
@CriminalIP_KR
29 Jul 2025
81 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/UplRUEUJ3n https://t.co/IX1OpN59FP
@robertcshaw
28 Jul 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
.@Akamai emitió una alerta sobre CVE-2025-5777, vulnerabilidad crítica en NetScaler. Ya desplegó protección automática con App & API Protector. Lee el análisis y recomendaciones. @canalmastekhw https://t.co/4Ui81Q4nfy https://t.co/wjHTtkGN92
@ArminBolenius
27 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. 🥴3 🙄3 😵6 https://t.co/Z0Zp8eiAZJ
@AnnabellesAp
26 Jul 2025
67 Impressions
6 Retweets
5 Likes
5 Bookmarks
9 Replies
0 Quotes
CVE-2025-5777 is being exploited using advanced hacking techniques like passive backdoors, DNS hijacking, and stealthy traffic manipulation. Groups like Volt Typhoon & UNC3886 are behind the activity. Read more: https://t.co/Lm988jGS8m #CVE2025_5777 #CyberSecurity #Citrix htt
@FireCompass
25 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
There is an update to Citrix Bleed 2 - CVE-2025-5349 and CVE-2025-5777 . Apparently, only one article is referenced to test for possible compromise. https://t.co/dDLO4CFnoS Dear admin colleagues, how many are currently rotating and looking for patches?
@NickInformation
25 Jul 2025
438 Impressions
3 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 Article Id : CTX693420 Last Modified Date : 07-25-2025 17:33 Created Date : 06-17-2025 11:48 https://t.co/Zh1McSSDCO
@endi24
25 Jul 2025
264 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CitrixBleed is back and it’s leaking sensitive data again. Here’s what you need to know about CVE-2025-5777. @Akamai https://t.co/OTXI07Xic9 https://t.co/votCBGRUYj
@epichol
25 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/h1jdNlbihI https://t.co/WKndzhcsuB
@oferguetta
25 Jul 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/zkHgtkbXrW https://t.co/kV0fKR2jev
@henryvillar
24 Jul 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises #CISO https://t.co/j78xRSwlVQ https://t.co/Xz8JPmQDzJ
@compuchris
24 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting a memory leak in Citrix NetScaler (CVE-2025-5777) https://t.co/5hznj8s0WL Credits @watchtowrcyber #infosec https://t.co/uV5M8ZI74e
@0xor0ne
24 Jul 2025
5825 Impressions
30 Retweets
139 Likes
46 Bookmarks
5 Replies
0 Quotes
CVE-2025-5777: Citrix NetScaler Memory Leak Exploit (CitrixBleed 2) GitHub: https://t.co/FY8H2QcA4A Write-up: https://t.co/ZdkdJxiQUE https://t.co/5q7OLuTkiR
@DarkWebInformer
21 Jul 2025
9229 Impressions
21 Retweets
122 Likes
60 Bookmarks
1 Reply
1 Quote
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises The U.S. Cybersecurity and I 𝗖𝘂𝗿𝗶𝗼𝘂𝘀? 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝘀𝘁𝗼𝗿𝘆! @thehackersnews @edgeitech
@Edgeitech
21 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After being contacted by a couple of customers regarding the updates sent out by Nationaal Cyber Security Centrum (@ncsc_nl) regarding CVE-2025-5777 and CVE-2025-6543 for NetScaler, I've decided to bundle a set of tests for indicators of compromise into one #shell script. This
@jantytgat
21 Jul 2025
2548 Impressions
12 Retweets
16 Likes
3 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-5777
@transilienceai
20 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Github link: https://t.co/6yYIZSJzQ3
@PoC_in_Github
19 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Github link: https://t.co/PBbvd0BfvH
@PoC_in_Github
19 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nuevas vulnerabilidades críticas en Citrix Las vulnerabilidades, identificadas como CVE-2025-5349 y CVE-2025-5777, afectan a múltiples versiones de Citrix NetScaler. Más información: https://t.co/XtXEQOe1Rl #Citrix #vulnerability https://t.co/U4oFQqsoLP
@CSIRT_Telconet
19 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
19 Jul 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released.8 🤝 🐵 5 https://t.co/Ip0MQqlf19
@LarryHarri36415
18 Jul 2025
16 Impressions
7 Retweets
5 Likes
0 Bookmarks
9 Replies
0 Quotes
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released.
@GreyNoiseIO
18 Jul 2025
13409 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public https://t.co/YFhjPtHuGj #patchmanagement
@eyalestrin
18 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical #CVE-2025-5777 CVSS 9.3 impacts #NetScaler ADC & Gateway, leading to unauthenticated memory overread. It is actively exploited in the wild and has been added to the CISA KEV catalog. More info at: https://t.co/V0l00CVMhB #Patch #Patch #Patch.
@CCBalert
18 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#cyberNEWS A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public. https://t.co/ZjVsCdx8NL
@CyberSysblue
18 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D907BEC2-6930-4989-A6E1-847B4763BB12",
"versionEndExcluding": "12.1-55.328",
"versionStartIncluding": "12.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7AF5A6EE-84A9-42AA-BC4B-7C3367D08CAF",
"versionEndExcluding": "13.1-37.235",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E219F46B-FCBE-4DA2-9094-6ED128E8AF66",
"versionEndExcluding": "13.1-37.235",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48A64F62-2A5A-40CB-A507-A48497BD749A",
"versionEndExcluding": "13.1-58.32",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6484AA47-81F8-4EE6-9F33-96DEFE2F66E1",
"versionEndExcluding": "14.1-43.56",
"versionStartIncluding": "14.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C86D66F-888F-4519-B700-9ADC4EE6913C",
"versionEndExcluding": "13.1-58.32",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4E61FAA-9EAB-4F9B-887F-C5DC0DA0C633",
"versionEndExcluding": "14.1-43.56",
"versionStartIncluding": "14.1"
}
],
"operator": "OR"
}
]
}
]