CVE-2025-5777

Published Jun 17, 2025

Last updated 6 days ago

Exploit knownCVSS critical 9.3
NetScaler ADC
NetScaler Gateway
Citrix

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.

Description
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Source
secure@citrix.com
NVD status
Analyzed
Products
netscaler_application_delivery_controller, netscaler_gateway

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Exploit added on
Jul 10, 2025
Exploit action due
Jul 11, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@citrix.com
CWE-125
nvd@nist.gov
CWE-908
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-457

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #ADC CitrixBleed 2: CVE-2025-5777 Joins CISA’s KEV Catalog Amid Active Exploitation Storm, PoC Available https://t.co/KZVMyiDlmv

    @Komodosec

    17 Aug 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-5777: CitrixBleed 2 Exploit Deep Dive by https://t.co/YU9W61Uaqq https://t.co/CZVm7BREEL

    @tbbhunter

    16 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログが更新され、Citrix Netscaler ADC/Gatewayの脆弱性CVE-2025-5777がランサムウェア集団に悪用されたことが確認された。 https://t.co/

    @__kokumoto

    14 Aug 2025

    1710 Impressions

    0 Retweets

    17 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Nearly 7,000 Citrix NetScaler appliances vulnerable to critical flaws **CVE-2025-5777** and **CVE-2025-6543**. Remote access, data theft, and disruption of essential services. 🔗 [https://t.co/MpBm1GF3Rw\](https://t.co/Oqi0WELxNX) \#CyberSecurity #Canada #AgencePDN https

    @AgencePdn

    14 Aug 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Près de 7 000 Citrix NetScaler vulnérables aux failles critiques **CVE-2025-5777** et **CVE-2025-6543**. Accès à distance, vols de données et perturbations de services essentiels. 🔗 [https://t.co/MpBm1GF3Rw\](https://t.co/Oqi0WELxNX) #Cybersécurité #Canada #Agen

    @AgencePdn

    14 Aug 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Pennsylvania AG's systems down: cyberattack suspected ransomware! 🚨 Possible vector: CVE-2025-5777 in Citrix NetScaler. Is YOUR patch management robust? Protect your orgs! 🛡️ Read more: https://t.co/ca4L3BnIIW #CyberAttack #Ransomware #CitrixSecurity

    @fernandokarl

    13 Aug 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Over 3,300 Citrix NetScaler devices remain unpatched against critical CVE-2025-5777 and CVE-2025-6543 flaws, enabling session hijacking, MFA bypass, and data theft with active global exploitation reported. #CitrixBleed #CISA #USA https://t.co/P9e0QPAK04

    @TweetThreatNews

    12 Aug 2025

    83 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Over 3,300 Citrix NetScaler devices remain unpatched against CitrixBleed 2 (CVE-2025-5777), leaving them open to session hijacking and ransomware attacks. Patch now—active exploitation is widespread. Details: https://t.co/BPs1VMJ0oa

    @RedTeamNewsBlog

    12 Aug 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises https://t.co/6Y8Cr0REYD #CyberSecurity #Vulnerability #CISA #Citrix #NetScaler https://t.co/rV1zSbgmI4

    @blueteamsec1

    9 Aug 2025

    1940 Impressions

    2 Retweets

    10 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. CitrixBleed 2 (CVE-2025-5777) Mitigation: A Guide to Detecting Exposed Citrix NetScaler Assets | Criminal IP https://t.co/cSruWAXOVi

    @akaclandestine

    7 Aug 2025

    479 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/al0BFlfqJR https://t.co/8BLQoJppUQ

    @GavLarsen

    5 Aug 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. Read @AWNetworks latest update here:https://t.co/fGqH5Vu9YS

    @upgradeoptions

    4 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. #HackThePlanet #HackTheSystem #NoNWO #OpNWO #𝒜𝔫𝑜𝔫𝒚𝔪𝑜𝖚𝙨 I have found CVE-2025-5777, a critical memory disclosure vulnerability in Citrix NetScaler ADC/Gateway appliances in NWO sites . The exploit leaks sensitive memory content through malformed authent

    @Lulz_BinBash

    3 Aug 2025

    140 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 [AUG 1] Daily #CyberThreats from #CyberDudeBivash 🛠️ Citrix CVE-2025-5777 (Data Leak) 💣 ShadowStrike SSH Botnet 🧠 Chrome V8 Zero-Day CVE-2025-6554 🎯 Malvertising on Edge/Firefox 🔗 https://t.co/CdDASZtiJu | https://t.co/QHCBMbYxeX #ThreatIntel #Infosec #

    @Iambivash007

    1 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. https://t.co/B6Djgl0RRU

    @de_do20

    1 Aug 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2025-5777

    @transilienceai

    1 Aug 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/gGEV8bdOGw https://t.co/CJyMgvoDqt

    @oferguetta

    31 Jul 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Citrix Bleed 2.0 (CVE-2025-5777 & CVE-2025-5349) Citrix has disclosed two critical vulnerabilities affecting NetScaler ADC and Gateway. Patch immediately to fixed builds as listed in CTX693420. https://t.co/E9MwaWRzQ3 https://t.co/4ymn1iIQtV

    @CyberTitanLLC

    31 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea

    @FireCompass

    31 Jul 2025

    97 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/KlV24bGBhK https://t.co/0MYX3tY2F4

    @henryvillar

    30 Jul 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Compartimos uno de los post más leidos este mes en nuestro blog: CVE-2025-5777 aka Citrix Bleed 2: Riesgo latente en infraestructura estratégica de Chile https://t.co/N6EWPXMZ36 https://t.co/pATcfflujt

    @Cronup_CyberSec

    30 Jul 2025

    240 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. Actively exploited CVE : CVE-2025-5777

    @transilienceai

    30 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. Read our latest update here: https://t.co/Y0zMeN8rWX

    @AWNetworks

    29 Jul 2025

    208 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨【CitrixBleed2 / CVE-2025-5777】 Citrix NetScalerに深刻なメモリリーク脆弱性が発見され、PoCも公開済み。 Criminal IPで脆弱な機器の特定が可能です。 🔗 詳しくはこちら: https://t.co/rKtNUuKZNy #CitrixBleed2 #サイバーセキュ

    @CriminalIP_JP

    29 Jul 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨متاح PoC لـ #CVE-2025-5777 الآن. ​ يتم استغلال الثغرة في ذاكرة Citrix NetScaler — دون الحاجة إلى مصادقة — بشكل نشط. ​ 🔹الأهداف: Citrix NetScaler ADC/Gateway ​ 🔹ما يكشفه: Tokens, API keys,

    @CriminalIP_AR

    29 Jul 2025

    88 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨 CVE-2025-5777 취약점을 악용한 실제 공격이 확산 중입니다. Citrix NetScaler의 메모리 릭 취약점이 인증 없이 악용 가능하며, 현재 실사용 공격이 포착되고 있습니다. 🔹 대상: Citrix NetScaler ADC / Gateway 🔹 노출 위험:

    @CriminalIP_KR

    29 Jul 2025

    81 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/UplRUEUJ3n https://t.co/IX1OpN59FP

    @robertcshaw

    28 Jul 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. .@Akamai emitió una alerta sobre CVE-2025-5777, vulnerabilidad crítica en NetScaler. Ya desplegó protección automática con App & API Protector. Lee el análisis y recomendaciones. @canalmastekhw https://t.co/4Ui81Q4nfy https://t.co/wjHTtkGN92

    @ArminBolenius

    27 Jul 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. 🥴3 🙄3 😵‍6 https://t.co/Z0Zp8eiAZJ

    @AnnabellesAp

    26 Jul 2025

    67 Impressions

    6 Retweets

    5 Likes

    5 Bookmarks

    9 Replies

    0 Quotes

  30. CVE-2025-5777 is being exploited using advanced hacking techniques like passive backdoors, DNS hijacking, and stealthy traffic manipulation. Groups like Volt Typhoon & UNC3886 are behind the activity. Read more: https://t.co/Lm988jGS8m #CVE2025_5777 #CyberSecurity #Citrix htt

    @FireCompass

    25 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. There is an update to Citrix Bleed 2 - CVE-2025-5349 and CVE-2025-5777 . Apparently, only one article is referenced to test for possible compromise. https://t.co/dDLO4CFnoS Dear admin colleagues, how many are currently rotating and looking for patches?

    @NickInformation

    25 Jul 2025

    438 Impressions

    3 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  32. NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 Article Id : CTX693420 Last Modified Date : 07-25-2025 17:33 Created Date : 06-17-2025 11:48 https://t.co/Zh1McSSDCO

    @endi24

    25 Jul 2025

    264 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. CitrixBleed is back and it’s leaking sensitive data again. Here’s what you need to know about CVE-2025-5777. @Akamai https://t.co/OTXI07Xic9 https://t.co/votCBGRUYj

    @epichol

    25 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/h1jdNlbihI https://t.co/WKndzhcsuB

    @oferguetta

    25 Jul 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/zkHgtkbXrW https://t.co/kV0fKR2jev

    @henryvillar

    24 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises #CISO https://t.co/j78xRSwlVQ https://t.co/Xz8JPmQDzJ

    @compuchris

    24 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Exploiting a memory leak in Citrix NetScaler (CVE-2025-5777) https://t.co/5hznj8s0WL Credits @watchtowrcyber #infosec https://t.co/uV5M8ZI74e

    @0xor0ne

    24 Jul 2025

    5825 Impressions

    30 Retweets

    139 Likes

    46 Bookmarks

    5 Replies

    0 Quotes

  38. CVE-2025-5777: Citrix NetScaler Memory Leak Exploit (CitrixBleed 2) GitHub: https://t.co/FY8H2QcA4A Write-up: https://t.co/ZdkdJxiQUE https://t.co/5q7OLuTkiR

    @DarkWebInformer

    21 Jul 2025

    9229 Impressions

    21 Retweets

    122 Likes

    60 Bookmarks

    1 Reply

    1 Quote

  39. CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises The U.S. Cybersecurity and I 𝗖𝘂𝗿𝗶𝗼𝘂𝘀? 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝘀𝘁𝗼𝗿𝘆! @thehackersnews @edgeitech

    @Edgeitech

    21 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. After being contacted by a couple of customers regarding the updates sent out by Nationaal Cyber Security Centrum (@ncsc_nl) regarding CVE-2025-5777 and CVE-2025-6543 for NetScaler, I've decided to bundle a set of tests for indicators of compromise into one #shell script. This

    @jantytgat

    21 Jul 2025

    2548 Impressions

    12 Retweets

    16 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  41. Actively exploited CVE : CVE-2025-5777

    @transilienceai

    20 Jul 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Github link: https://t.co/6yYIZSJzQ3

    @PoC_in_Github

    19 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Github link: https://t.co/PBbvd0BfvH

    @PoC_in_Github

    19 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Nuevas vulnerabilidades críticas en Citrix Las vulnerabilidades, identificadas como CVE-2025-5349 y CVE-2025-5777, afectan a múltiples versiones de Citrix NetScaler. Más información: https://t.co/XtXEQOe1Rl #Citrix #vulnerability https://t.co/U4oFQqsoLP

    @CSIRT_Telconet

    19 Jul 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Actively exploited CVE : CVE-2025-5777

    @transilienceai

    19 Jul 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  46. GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released.8 🤝 🐵 5 https://t.co/Ip0MQqlf19

    @LarryHarri36415

    18 Jul 2025

    16 Impressions

    7 Retweets

    5 Likes

    0 Bookmarks

    9 Replies

    0 Quotes

  47. GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released.

    @GreyNoiseIO

    18 Jul 2025

    13409 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  48. Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public https://t.co/YFhjPtHuGj #patchmanagement

    @eyalestrin

    18 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Warning: Critical #CVE-2025-5777 CVSS 9.3 impacts #NetScaler ADC & Gateway, leading to unauthenticated memory overread. It is actively exploited in the wild and has been added to the CISA KEV catalog. More info at: https://t.co/V0l00CVMhB #Patch #Patch #Patch.

    @CCBalert

    18 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. #cyberNEWS A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public. https://t.co/ZjVsCdx8NL

    @CyberSysblue

    18 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.