CVE-2023-4966
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability - [Actively Exploited]
Description
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
INFO
Published Date :
Oct. 10, 2023, 2:15 p.m.
Last Modified :
March 13, 2025, 7:53 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966
Affected Products
The following products are affected by CVE-2023-4966
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Upgrade to version 13.0-92.19, 13.1-49.15, 14.1-8.50 or later.
- Refer to vendor documentation for security updates.
Public PoC/Exploit Available at Github
CVE-2023-4966 has a 38 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-4966.
| URL | Resource |
|---|---|
| http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html | Third Party Advisory VDB Entry |
| https://support.citrix.com/article/CTX579459 | Vendor Advisory |
| http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html | Third Party Advisory VDB Entry |
| https://support.citrix.com/article/CTX579459 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-4966 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-4966
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
None
Python Shell
CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
citrix cve-2025-5777 netscaler citrixbleed2
Python
Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP Proxy).
citrix citrix-netscaler cve-2025-5777
Python
详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件
Python
None
Python Shell HTML JavaScript PowerShell TeX
CVE-2023-4966-exploit
A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities
attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc
这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目
HTML
None
Python
None
Flipper Zero payloads and configs!
Python Shell HTML JavaScript PowerShell TeX
None
CSS HTML JavaScript
This repository contains a list of artifacts to search for while performing a forensic investigation on Citrix Netscaler appliances.
citrix-adc citrix-netscaler forensic-analysis guide citrix-adc-forensics malware
Shell
Simulates CVE-2023-4966 Citrix Bleed overread bug
C
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-4966 vulnerability anywhere in the article.
-
The Register
Major outage at Pennsylvania Attorney General's Office blamed on 'cyber incident'
The Pennsylvania's Office of Attorney General (OAG) is blaming a digital blackout of its services on a "cyber incident." The OAG posted a statement to Facebook yesterday, saying that its systems are c ... Read more
-
Daily CyberSecurity
ShadowSyndicate’s Global Ransomware Empire Blurs Lines Between Cybercrime and Geopolitical Espionage
Attack infrastructure of ShadowSyndicate overlaps with Toneshell, Rustdoor and Koi stealer | Image: Intrinsec In a recent investigation, cybersecurity firm Intrinsec has illuminated the sprawling infr ... Read more
-
The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more
-
The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more
-
The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more
-
The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more
-
Cyber Security News
PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request
Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed “CitrixBleed2” affecting Citrix NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2 ... Read more
-
BleepingComputer
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable a ... Read more
-
Cyber Security News
“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation
Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security expe ... Read more
-
Help Net Security
CitrixBleed 2 might be actively exploited (CVE-2025-5777)
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for ... Read more
-
Daily CyberSecurity
Citrix Bleed 2: ReliaQuest Warns of Active Exploitation in NetScaler Gateway Vulnerability
A newly discovered vulnerability—CVE-2025-5777, now dubbed Citrix Bleed 2—is raising serious security alarms. According to ReliaQuest, attackers are actively exploiting this vulnerability in the wild ... Read more
-
BleepingComputer
Citrix Bleed 2 flaw now believed to be exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspici ... Read more
-
The Register
Citrix bleeds again: This time a zero-day exploited - patch now
Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued ... Read more
-
BleepingComputer
New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication se ... Read more
-
Cyber Security News
Citrix NetScaler ADC and Gateway Vulnerability Actively Exploited in the Wild
Cloud Software Group has issued an urgent security advisory warning customers about a critical memory overflow vulnerability in NetScaler ADC and Gateway products, which could enable denial-of-service ... Read more
-
The Hacker News
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Data Privacy / Vulnerability Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could ha ... Read more
-
The Register
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cybe ... Read more
-
TheCyberThrone
CVE-2025-5777 – Critical Citrix NetScaler Vulnerability
CVE-2025-5777 is a critical out-of-bounds read vulnerability discovered in Citrix NetScaler ADC and NetScaler Gateway. This flaw allows unauthenticated remote attackers to access sensitive memory cont ... Read more
-
Dark Reading
Citrix Patches Critical Vulns in NetScaler ADC and Gateway
Source: Vladimir Sotnichenko via Alamy Stock PhotoNEWS BRIEFCitrix has fixed a critical vulnerability, tracked as CVE-2025-5777, found within NetScaler ADC and NetScaler Gateway.The vulnerability, ass ... Read more
-
Help Net Security
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privat ... Read more
The following table lists the changes that have been made to the
CVE-2023-4966 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Mar. 13, 2025
Action Type Old Value New Value -
CVE Modified by [email protected]
Feb. 13, 2025
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. -
CVE Modified by [email protected]
Feb. 03, 2025
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. -
Modified Analysis by [email protected]
Jan. 27, 2025
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html Added Reference https://support.citrix.com/article/CTX579459 -
CVE Modified by [email protected]
Nov. 21, 2024
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. -
Modified Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. -
CVE Modified by [email protected]
Aug. 02, 2024
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. -
Modified Analysis by [email protected]
Jun. 17, 2024
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Feb. 29, 2024
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. -
Modified Analysis by [email protected]
Jan. 09, 2024
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Changed Reference Type http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html No Types Assigned http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html Third Party Advisory, VDB Entry -
CVE Modified by [email protected]
Nov. 07, 2023
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. -
CVE Modified by [email protected]
Oct. 25, 2023
Action Type Old Value New Value Changed Description Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Added Reference http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html [No Types Assigned] -
Initial Analysis by [email protected]
Oct. 18, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Changed Reference Type https://support.citrix.com/article/CTX579459 No Types Assigned https://support.citrix.com/article/CTX579459 Vendor Advisory Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.300 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.300 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.0 up to (excluding) 13.0-92.19 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.164 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.1 up to (excluding) 13.1-49.15 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 14.1 up to (excluding) 14.1-8.50 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.0 up to (excluding) 13.0-92.19 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.1-49.15 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 14.1 up to (excluding) 14.1-8.50
Vulnerability Scoring Details
Base CVSS Score: 9.4
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
94.30 }} -0.00%
score
0.99936
percentile