CVE-2025-5777
Published Jun 17, 2025
Last updated 20 days ago
AI description
CVE-2025-5777 is a vulnerability affecting NetScaler ADC and NetScaler Gateway. It is caused by insufficient input validation, which leads to a memory overread. The vulnerability can be exploited on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. An unauthorized attacker could potentially grab valid session tokens from the memory of internet-facing NetScaler devices by sending a malformed request. Successful exploitation could allow the attacker to gain access to the appliances.
- Description
- Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- Source
- secure@citrix.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
- Exploit added on
- Jul 10, 2025
- Exploit action due
- Jul 11, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
🚨 [AUG 1] Daily #CyberThreats from #CyberDudeBivash 🛠️ Citrix CVE-2025-5777 (Data Leak) 💣 ShadowStrike SSH Botnet 🧠 Chrome V8 Zero-Day CVE-2025-6554 🎯 Malvertising on Edge/Firefox 🔗 https://t.co/CdDASZtiJu | https://t.co/QHCBMbYxeX #ThreatIntel #Infosec #
@Iambivash007
1 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. https://t.co/B6Djgl0RRU
@de_do20
1 Aug 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
1 Aug 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/gGEV8bdOGw https://t.co/CJyMgvoDqt
@oferguetta
31 Jul 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Citrix Bleed 2.0 (CVE-2025-5777 & CVE-2025-5349) Citrix has disclosed two critical vulnerabilities affecting NetScaler ADC and Gateway. Patch immediately to fixed builds as listed in CTX693420. https://t.co/E9MwaWRzQ3 https://t.co/4ymn1iIQtV
@CyberTitanLLC
31 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major breaches this week: • ToolShell (CVE-2025-53770) • CrushFTP (CVE-2025-54309) • CitrixBleed 2 (CVE-2025-5777) • McHire bot leak • Salt Typhoon • NoName057(16) • PoisonSeed • Wing FTP (CVE-2025-47812) Read more: https://t.co/na3lHAlIC0 #CyberSecurity #DataBrea
@FireCompass
31 Jul 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/KlV24bGBhK https://t.co/0MYX3tY2F4
@henryvillar
30 Jul 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Compartimos uno de los post más leidos este mes en nuestro blog: CVE-2025-5777 aka Citrix Bleed 2: Riesgo latente en infraestructura estratégica de Chile https://t.co/N6EWPXMZ36 https://t.co/pATcfflujt
@Cronup_CyberSec
30 Jul 2025
240 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
30 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. Read our latest update here: https://t.co/Y0zMeN8rWX
@AWNetworks
29 Jul 2025
208 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨【CitrixBleed2 / CVE-2025-5777】 Citrix NetScalerに深刻なメモリリーク脆弱性が発見され、PoCも公開済み。 Criminal IPで脆弱な機器の特定が可能です。 🔗 詳しくはこちら: https://t.co/rKtNUuKZNy #CitrixBleed2 #サイバーセキュ
@CriminalIP_JP
29 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨متاح PoC لـ #CVE-2025-5777 الآن. يتم استغلال الثغرة في ذاكرة Citrix NetScaler — دون الحاجة إلى مصادقة — بشكل نشط. 🔹الأهداف: Citrix NetScaler ADC/Gateway 🔹ما يكشفه: Tokens, API keys,
@CriminalIP_AR
29 Jul 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-5777 취약점을 악용한 실제 공격이 확산 중입니다. Citrix NetScaler의 메모리 릭 취약점이 인증 없이 악용 가능하며, 현재 실사용 공격이 포착되고 있습니다. 🔹 대상: Citrix NetScaler ADC / Gateway 🔹 노출 위험:
@CriminalIP_KR
29 Jul 2025
81 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/UplRUEUJ3n https://t.co/IX1OpN59FP
@robertcshaw
28 Jul 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
.@Akamai emitió una alerta sobre CVE-2025-5777, vulnerabilidad crítica en NetScaler. Ya desplegó protección automática con App & API Protector. Lee el análisis y recomendaciones. @canalmastekhw https://t.co/4Ui81Q4nfy https://t.co/wjHTtkGN92
@ArminBolenius
27 Jul 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released. 🥴3 🙄3 😵6 https://t.co/Z0Zp8eiAZJ
@AnnabellesAp
26 Jul 2025
67 Impressions
6 Retweets
5 Likes
5 Bookmarks
9 Replies
0 Quotes
CVE-2025-5777 is being exploited using advanced hacking techniques like passive backdoors, DNS hijacking, and stealthy traffic manipulation. Groups like Volt Typhoon & UNC3886 are behind the activity. Read more: https://t.co/Lm988jGS8m #CVE2025_5777 #CyberSecurity #Citrix htt
@FireCompass
25 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
There is an update to Citrix Bleed 2 - CVE-2025-5349 and CVE-2025-5777 . Apparently, only one article is referenced to test for possible compromise. https://t.co/dDLO4CFnoS Dear admin colleagues, how many are currently rotating and looking for patches?
@NickInformation
25 Jul 2025
438 Impressions
3 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 Article Id : CTX693420 Last Modified Date : 07-25-2025 17:33 Created Date : 06-17-2025 11:48 https://t.co/Zh1McSSDCO
@endi24
25 Jul 2025
264 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CitrixBleed is back and it’s leaking sensitive data again. Here’s what you need to know about CVE-2025-5777. @Akamai https://t.co/OTXI07Xic9 https://t.co/votCBGRUYj
@epichol
25 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/h1jdNlbihI https://t.co/WKndzhcsuB
@oferguetta
25 Jul 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild. https://t.co/zkHgtkbXrW https://t.co/kV0fKR2jev
@henryvillar
24 Jul 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises #CISO https://t.co/j78xRSwlVQ https://t.co/Xz8JPmQDzJ
@compuchris
24 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting a memory leak in Citrix NetScaler (CVE-2025-5777) https://t.co/5hznj8s0WL Credits @watchtowrcyber #infosec https://t.co/uV5M8ZI74e
@0xor0ne
24 Jul 2025
5825 Impressions
30 Retweets
139 Likes
46 Bookmarks
5 Replies
0 Quotes
CVE-2025-5777: Citrix NetScaler Memory Leak Exploit (CitrixBleed 2) GitHub: https://t.co/FY8H2QcA4A Write-up: https://t.co/ZdkdJxiQUE https://t.co/5q7OLuTkiR
@DarkWebInformer
21 Jul 2025
9229 Impressions
21 Retweets
122 Likes
60 Bookmarks
1 Reply
1 Quote
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises The U.S. Cybersecurity and I 𝗖𝘂𝗿𝗶𝗼𝘂𝘀? 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝘀𝘁𝗼𝗿𝘆! @thehackersnews @edgeitech
@Edgeitech
21 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After being contacted by a couple of customers regarding the updates sent out by Nationaal Cyber Security Centrum (@ncsc_nl) regarding CVE-2025-5777 and CVE-2025-6543 for NetScaler, I've decided to bundle a set of tests for indicators of compromise into one #shell script. This
@jantytgat
21 Jul 2025
2548 Impressions
12 Retweets
16 Likes
3 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-5777
@transilienceai
20 Jul 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Github link: https://t.co/6yYIZSJzQ3
@PoC_in_Github
19 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5777 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Github link: https://t.co/PBbvd0BfvH
@PoC_in_Github
19 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Nuevas vulnerabilidades críticas en Citrix Las vulnerabilidades, identificadas como CVE-2025-5349 y CVE-2025-5777, afectan a múltiples versiones de Citrix NetScaler. Más información: https://t.co/XtXEQOe1Rl #Citrix #vulnerability https://t.co/U4oFQqsoLP
@CSIRT_Telconet
19 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
19 Jul 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released.8 🤝 🐵 5 https://t.co/Ip0MQqlf19
@LarryHarri36415
18 Jul 2025
16 Impressions
7 Retweets
5 Likes
0 Bookmarks
9 Replies
0 Quotes
GreyNoise observed exploitation of CitrixBleed 2 (CVE-2025-5777) nearly two weeks before a public PoC was released.
@GreyNoiseIO
18 Jul 2025
13409 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public https://t.co/YFhjPtHuGj #patchmanagement
@eyalestrin
18 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical #CVE-2025-5777 CVSS 9.3 impacts #NetScaler ADC & Gateway, leading to unauthenticated memory overread. It is actively exploited in the wild and has been added to the CISA KEV catalog. More info at: https://t.co/V0l00CVMhB #Patch #Patch #Patch.
@CCBalert
18 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#cyberNEWS A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public. https://t.co/ZjVsCdx8NL
@CyberSysblue
18 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks CVE-2025-5777, dubbed "CitrixBleed 2," is a critical Citrix NetScaler vulnerability exploited as early as June 23, 2025—weeks before public PoCs emerged. The flaw, caused by improper input validation, allows h
@dCypherIO
18 Jul 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Launch 11.5 Million Attacks on CitrixBleed 2-Compromising Over 100 Organizations https://t.co/irzA40NxpP A massive wave of exploitation targeting the critical CitrixBleed 2 vulnerability (CVE-2025-5777), with over 11.5 million attack attempts recorded since its disclos
@f1tym1
18 Jul 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
News of Week 29-2025: Citrix NetScaler CVE-2025-5777 active exploits, FSLogix 25.06 GA and vdmadmin.exe guide https://t.co/8UbdYqNyt7
@WilcovanBragt
18 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5777
@transilienceai
18 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-5777: Citrix NetScaler メモリリーク脆弱性通称 #CitrixBleed2、PoCコードが公開されました。 🔗 https://t.co/nKQEMkpxly 本脆弱性は NetScaler ADC および Gateway 製品に影響を与え、 攻撃者がメモリ上から機密情報を抽
@CriminalIP_JP
18 Jul 2025
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 استغلال ثغرة CVE-2025-5777 تسرب الذاكرة في Citrix #NetScaler تم إصدار PoC للثغرة، التي تسمح بتسرب البيانات من أجهزة NetScaler ADC & Gateway. 🔗 https://t.co/fNCqXJpjbI اكتشف الأص
@CriminalIP_AR
18 Jul 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability, CVE-2025-5777 (CitrixBleed 2), was exploited since June 23, 2025. It allows data leaks via malformed POST requests. Citrix acknowledged it late, urging immediate patching for over 120 companies affected. #Scurity https://t.co/9IhhDHmUmB
@Strivehawk
18 Jul 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 تم استغلال ثغرة خطيرة في Citrix NetScaler، المسماة "CitrixBleed 2" (CVE-2025-5777)، قبل أسبوعين من نشر نماذج إثبات الاستغلال، على الرغم من تأكيد Citrix بعدم وجود دليل على الهجم
@Cybercachear
17 Jul 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent: #CitrixBleed2 vulnerability (CVE-2025-5777) actively exploited. Immediate patching of #Citrix #NetScaler devices is crucial to prevent unauthorized access. #CyberSecurity #InfoSec Link: https://t.co/F6azbF8NMq #Vulnerability #Exploit #Patch #Security #Threat #Devices
@dailytechonx
17 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public https://t.co/FkkJSubRJE
@endi24
17 Jul 2025
412 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
📌 CISA adds CVE-2025-5777 (CitrixBleed 2) to KEV catalog. Federal agencies must patch within 24 hours due to active exploitation. #CyberSecurity #CISA https://t.co/zMlDnugXLC https://t.co/u6F0HtsL9m
@CyberHub_blog
17 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CitrixBleed is back and it’s leaking sensitive data again. Here’s what you need to know about CVE-2025-5777. @Akamai https://t.co/CcAYLRVM8U https://t.co/72ncmpwITO
@AngeloAkamai
17 Jul 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-5777: Citrix NetScaler Memory Leak Exploit 일명 #CitrixBleed2, PoC 코드가 공개되었습니다. 🔗 https://t.co/X3clYMlnEc 이번 취약점은 NetScaler ADC & Gateway 장비에 영향을 미치며,공격자가 민감 정보를 메모리에서 추출할
@CriminalIP_KR
17 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D907BEC2-6930-4989-A6E1-847B4763BB12",
"versionEndExcluding": "12.1-55.328",
"versionStartIncluding": "12.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7AF5A6EE-84A9-42AA-BC4B-7C3367D08CAF",
"versionEndExcluding": "13.1-37.235",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E219F46B-FCBE-4DA2-9094-6ED128E8AF66",
"versionEndExcluding": "13.1-37.235",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48A64F62-2A5A-40CB-A507-A48497BD749A",
"versionEndExcluding": "13.1-58.32",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6484AA47-81F8-4EE6-9F33-96DEFE2F66E1",
"versionEndExcluding": "14.1-43.56",
"versionStartIncluding": "14.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C86D66F-888F-4519-B700-9ADC4EE6913C",
"versionEndExcluding": "13.1-58.32",
"versionStartIncluding": "13.1"
},
{
"criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4E61FAA-9EAB-4F9B-887F-C5DC0DA0C633",
"versionEndExcluding": "14.1-43.56",
"versionStartIncluding": "14.1"
}
],
"operator": "OR"
}
]
}
]