CVE-2025-5777
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 14
Exploited in Wild: Yes
Decision
Descriptions
Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
CVSS Scores
SSVC
- Decision: Act
Timeline
- 2025-06-06 CVE Reserved
- 2025-06-17 CVE Published
- 2025-06-30 First Exploit
- 2025-07-10 Exploited in Wild
- 2025-07-11 KEV Due Date
- 2025-07-17 CVE Updated
- 2025-07-17 EPSS Updated
CWE
- CWE-125: Out-of-bounds Read
- CWE-457: Use of Uninitialized Variable
CAPEC
References (15)
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/206153 | 2025-07-08 | |
https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC- | 2025-06-30 | |
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed | 2025-07-05 | |
https://github.com/idobarel/CVE-2025-5777 | 2025-07-05 | |
https://github.com/nocerainfosec/cve-2025-5777 | 2025-07-06 | |
https://github.com/RaR1991/citrix_bleed_2 | 2025-07-06 | |
https://github.com/orange0Mint/CitrixBleed-2-CVE-2025-5777 | 2025-07-06 | |
https://github.com/Chocapikk/CVE-2025-5777 | 2025-07-09 | |
https://github.com/win3zz/CVE-2025-5777 | 2025-07-14 | |
https://github.com/FrenzisRed/CVE-2025-5777 | 2025-07-09 | |
https://github.com/bughuntar/CVE-2025-5777 | 2025-07-13 | |
https://github.com/0xgh057r3c0n/CVE-2025-5777 | 2025-07-10 | |
https://github.com/Jishanluhar/CVE-2025-5777 | 2025-07-14 | |
https://github.com/SleepNotF0und/CVE-2025-5777 | 2025-07-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
NetScaler | ADC | >= 14.1 < 43.56 | en | Affected |
NetScaler | ADC | >= 13.1 < 58.32 | en | Affected |
NetScaler | Gateway | >= 14.1 < 43.56 | en | Affected |
NetScaler | Gateway | >= 13.1 < 58.32 | en | Affected |