Known Exploited Vulnerability
7.5
HIGH
CVE-2025-5777
Citrix NetScaler ADC and Gateway Out-of-Bounds Read - [Actively Exploited]
Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

INFO

Published Date: June 17, 2025, 1:15 p.m.
Last Modified: July 12, 2025, 1:15 a.m.
Remotely Exploitable: Yes
Impact Score: 3.6
Exploitability Score: 3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description: Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777

Public PoC/Exploit Available on GitHub

CVE-2025-5777 has 25 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by the CVE-2025-5777 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID  Vendor  Product
1   Citrix  netscaler_application_delivery_controller
2   Citrix  netscaler_gateway

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

Explore the CVE-2025-5777 vulnerability in Citrix NetScaler. This script highlights a memory leak issue for educational purposes. 🐱💻🔍

citrix citrix-netscaler citrixbleed2 cve-2025-5777 netscaler

Python

Updated: 1 day, 15 hours ago
0 stars 0 fork 0 watcher
Born at : July 11, 2025, 11:17 a.m. This repo has been linked 1 different CVEs too.

Citrix NetScaler Memory Leak PoC

Python

Updated: 3 days, 19 hours ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 6:48 p.m. This repo has been linked 1 different CVEs too.

CVE-2025-5777 Citrix NetScaler Memory Leak Exploit (CitrixBleed 2)

Python

Updated: 2 days ago
3 stars 2 fork 2 watcher
Born at : July 10, 2025, 7:15 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 2 days, 19 hours ago
1 stars 0 fork 0 watcher
Born at : July 9, 2025, 6:01 p.m. This repo has been linked 2 different CVEs too.

CitrixBleed2 powershell version

Updated: 5 days, 4 hours ago
0 stars 0 fork 0 watcher
Born at : July 9, 2025, 7:09 a.m. This repo has been linked 1 different CVEs too.

CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices

citrix cve-2025-5777 netscaler citrixbleed2

Python

Updated: 2 days, 17 hours ago
30 stars 9 fork 9 watcher
Born at : July 8, 2025, 2:12 p.m. This repo has been linked 2 different CVEs too.

CitrixBleed 2 (CVE-2025-5777)

Shell

Updated: 5 days, 6 hours ago
4 stars 0 fork 0 watcher
Born at : July 8, 2025, 10:27 a.m. This repo has been linked 1 different CVEs too.

CitrixBleed-2 Checker & Poc automatic exploit and check token.

citrixbleed-2 cve-2025-5777

Python

Updated: 1 week ago
1 stars 0 fork 0 watcher
Born at : July 6, 2025, 2:50 p.m. This repo has been linked 1 different CVEs too.

Citrix Bleed 2 PoC Scanner (CVE-2025-5777)

Python

Updated: 1 week, 1 day ago
0 stars 0 fork 0 watcher
Born at : July 6, 2025, 10:55 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 1 week ago
0 stars 0 fork 0 watcher
Born at : July 6, 2025, 10:18 a.m. This repo has been linked 1 different CVEs too.

Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP Proxy).

citrix citrix-netscaler cve-2025-5777

Python

Updated: 1 week ago
0 stars 0 fork 0 watcher
Born at : July 5, 2025, 11:56 p.m. This repo has been linked 2 different CVEs too.

CitrixBleed2 poc

Python

Updated: 1 week ago
0 stars 0 fork 0 watcher
Born at : July 5, 2025, 11:49 a.m. This repo has been linked 1 different CVEs too.

CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway “memory bleed”

Python

Updated: 4 days, 1 hour ago
1 stars 1 fork 1 watcher
Born at : July 4, 2025, 9:13 p.m. This repo has been linked 1 different CVEs too.

None

Python Shell

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 4, 2025, 5:10 a.m. This repo has been linked 3 different CVEs too.

Detailed walkthrough of CitrixBleed 2 - CVE-2025-5777 (out-of-bounds leak) PoC and detection suite

Python

Updated: 3 days, 2 hours ago
12 stars 2 fork 2 watcher
Born at : June 30, 2025, 11:02 a.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2025-5777 vulnerability anywhere in the article.

  • CybersecurityNews
Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild

Researchers have observed widespread exploitation attempts targeting a critical memory disclosure vulnerability in Citrix NetScaler devices, designated as CVE-2025-5777 and dubbed “CitrixBleed 2.” Thi ... Read more

Published Date: Jul 11, 2025 (3 days, 7 hours ago)
  • The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more

Published Date: Jul 11, 2025 (3 days, 11 hours ago)
  • The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit

The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more

Published Date: Jul 10, 2025 (3 days, 17 hours ago)
  • Help Net Security
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE ... Read more

Published Date: Jul 09, 2025 (5 days, 4 hours ago)
  • Help Net Security
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway inst ... Read more

Published Date: Jul 08, 2025 (5 days, 23 hours ago)
  • Cyber Security News
PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request

Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed “CitrixBleed2” affecting Citrix NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2 ... Read more

Published Date: Jul 08, 2025 (6 days, 3 hours ago)
  • The Hacker News
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation

Cyber Attacks / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence ... Read more

Published Date: Jul 08, 2025 (6 days, 10 hours ago)
  • BleepingComputer
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable a ... Read more

Published Date: Jul 07, 2025 (6 days, 16 hours ago)
  • The Register
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands

Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of use ... Read more

Published Date: Jul 07, 2025 (6 days, 18 hours ago)
  • Help Net Security
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t ... Read more

Published Date: Jul 06, 2025 (1 week, 1 day ago)
  • Cyber Security News
“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation

Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security expe ... Read more

Published Date: Jul 05, 2025 (1 week, 2 days ago)
  • security.nl
Thousands of NetScaler servers vulnerable to CitrixBleed2, details to be public soon

Thousands of NetScaler servers still contain a critical vulnerability referred to as "CitrixBleed2", which in the worst case allows them to be taken over, and a security firm has indicated ... Read more

Published Date: Jul 04, 2025 (1 week, 3 days ago)
  • BleepingComputer
Citrix warns of login issues after NetScaler auth bypass patch

Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gatewa ... Read more

Published Date: Jul 02, 2025 (1 week, 4 days ago)
  • Help Net Security
Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been di ... Read more

Published Date: Jul 01, 2025 (1 week, 6 days ago)
  • Help Net Security
Google patches actively exploited Chrome (CVE‑2025‑6554)

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an ex ... Read more

Published Date: Jul 01, 2025 (1 week, 6 days ago)
  • TheCyberThrone
CISA Adds Critical Citrix NetScaler Vulnerability to KEV Catalog

On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6543, a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway, to its K ... Read more

Published Date: Jul 01, 2025 (1 week, 6 days ago)
  • Cyber Security News
2100+ Citrix Servers Vulnerable to Actively Exploited Bypass Authentication Vulnerability

Over 2,100 vulnerable Citrix NetScaler servers remain exposed to active exploitation, despite patches being available for critical vulnerabilities that allow attackers to bypass authentication mechani ... Read more

Published Date: Jun 30, 2025 (2 weeks ago)
  • Help Net Security
CitrixBleed 2 might be actively exploited (CVE-2025-5777)

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for ... Read more

Published Date: Jun 30, 2025 (2 weeks ago)
  • security.nl
'Dozens of Dutch Citrix servers contain critical vulnerabilities'

Dozens of Dutch Citrix servers contain critical vulnerabilities, The Shadowserver Foundation reports today. Among them is an actively exploited security flaw. The past ... Read more

Published Date: Jun 30, 2025 (2 weeks ago)
  • BleepingComputer
Over 1,200 Citrix servers unpatched against critical auth bypass flaw

Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authe ... Read more

Published Date: Jun 30, 2025 (2 weeks ago)
  • Daily CyberSecurity
Citrix Bleed 2: ReliaQuest Warns of Active Exploitation in NetScaler Gateway Vulnerability

A newly discovered vulnerability—CVE-2025-5777, now dubbed Citrix Bleed 2—is raising serious security alarms. According to ReliaQuest, attackers are actively exploiting this vulnerability in the wild ... Read more

Published Date: Jun 30, 2025 (2 weeks ago)
  • Help Net Security
Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux SecurityScorecard’s STRIKE team has uncov ... Read more

Published Date: Jun 29, 2025 (2 weeks, 1 day ago)
  • BleepingComputer
Citrix Bleed 2 flaw now believed to be exploited in attacks

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspici ... Read more

Published Date: Jun 27, 2025 (2 weeks, 3 days ago)
  • security.nl
Security firm reports possible exploitation of new CitrixBleed flaw

A new vulnerability in NetScaler ADC and NetScaler Gateway, which has been named CitrixBleed 2, is possibly being actively exploited in attacks, according to security firm ReliaQuest. NetScaler ... Read more

Published Date: Jun 27, 2025 (2 weeks, 3 days ago)
  • The Register
Citrix bleeds again: This time a zero-day exploited - patch now

Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued ... Read more

Published Date: Jun 25, 2025 (2 weeks, 4 days ago)
  • BleepingComputer
Citrix warns of NetScaler vulnerability exploited in DoS attacks

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. "Exploits of CV ... Read more

Published Date: Jun 25, 2025 (2 weeks, 4 days ago)
  • TheCyberThrone
NVIDIA Megatron-LM Vulnerabilities

🔍 Overview: In June 2025, NVIDIA disclosed two critical code injection vulnerabilities in its large-scale transformer training framework, Megatron-LM. These flaws reside in insecure Pytho ... Read more

Published Date: Jun 25, 2025 (2 weeks, 4 days ago)
  • BleepingComputer
New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication se ... Read more

Published Date: Jun 25, 2025 (2 weeks, 4 days ago)
  • The Hacker News
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Vulnerability / Network Security Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE- ... Read more

Published Date: Jun 25, 2025 (2 weeks, 5 days ago)
  • The Hacker News
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Data Privacy / Vulnerability Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could ha ... Read more

Published Date: Jun 25, 2025 (2 weeks, 5 days ago)
  • The Register
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack

Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cybe ... Read more

Published Date: Jun 24, 2025 (2 weeks, 5 days ago)
  • security.nl
NetScaler customers urged to quickly patch new 'CitrixBleed flaw'

Organizations that use NetScaler ADC and NetScaler Gateway are being urged to patch a critical vulnerability as soon as possible, now that the description of the problem has been changed. The ... Read more

Published Date: Jun 24, 2025 (2 weeks, 6 days ago)
  • TheCyberThrone
CVE-2025-5777 – Critical Citrix NetScaler Vulnerability

CVE-2025-5777 is a critical out-of-bounds read vulnerability discovered in Citrix NetScaler ADC and NetScaler Gateway. This flaw allows unauthenticated remote attackers to access sensitive memory cont ... Read more

Published Date: Jun 24, 2025 (2 weeks, 6 days ago)
  • Dark Reading
Citrix Patches Critical Vulns in NetScaler ADC and Gateway

NEWS BRIEF: Citrix has fixed a critical vulnerability, tracked as CVE-2025-5777, found within NetScaler ADC and NetScaler Gateway. The vulnerability, ass ... Read more

Published Date: Jun 23, 2025 (2 weeks, 6 days ago)
  • Help Net Security
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privat ... Read more

Published Date: Jun 23, 2025 (3 weeks ago)
  • The Register
Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China

Infosec in brief A former US Army sergeant has admitted he attempted to sell classified data to China. Joseph Daniel Schmidt last Friday pled guilty after the Feds charged him with using his top secre ... Read more

Published Date: Jun 23, 2025 (3 weeks ago)
  • Cyber Security News
Weekly Cybersecurity News Recap – Top Vulnerabilities, Threat and Data Breaches

In our fast-paced, interconnected world, the dangers of cyberattacks are becoming more frequent and complex. That’s why it’s more important than ever to stay updated and aware of the risks. Every week ... Read more

Published Date: Jun 22, 2025 (3 weeks, 1 day ago)
  • The Cyber Express
CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

A security flaw in Apache Traffic Server (ATS) is targeting cloud service providers worldwide. The vulnerability, identified as CVE-2025-49763, exposes affected systems to denial-of-service (DoS) atta ... Read more

Published Date: Jun 20, 2025 (3 weeks, 3 days ago)
  • security.nl
CSG warns of critical security flaw in NetScaler Gateway and ADC

Cloud Software Group (CSG) warns of a critical vulnerability in NetScaler ADC and NetScaler Gateway that can lead to a "memory overread". In this way an attacker could ... confidential information ... Read more

Published Date: Jun 18, 2025 (3 weeks, 5 days ago)
  • Cyber Security News
Citrix NetScaler ADC and Gateway Vulnerabilities Allow Attackers to Access Sensitive Data

Two critical security vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway products, formerly known as Citrix ADC and Gateway, potentially allowing attackers to access sensitive ... Read more

Published Date: Jun 17, 2025 (3 weeks, 6 days ago)

The following table lists the changes that have been made to the CVE-2025-5777 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Jul. 12, 2025

    Action Type Old Value New Value
    Added Reference https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
    Added Reference https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/
    Added Reference https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/
    Added Reference https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
    Added Reference https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jul. 11, 2025

    Action Type Old Value New Value
    Added Date Added 2025-07-10
    Added Due Date 2025-07-11
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 10, 2025

    Action Type Old Value New Value
    Added Reference https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/
  • Initial Analysis by [email protected]

    Jul. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    Added CWE CWE-908
    Added CPE Configuration OR
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.1 up to (excluding) 13.1-58.32
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 14.1 up to (excluding) 14.1-43.56
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.328
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.235
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.235
      *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.1-58.32
      *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 14.1 up to (excluding) 14.1-43.56
    Added Reference Type CISA-ADP: https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71 Types: Third Party Advisory
    Added Reference Type Citrix Systems, Inc.: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 Types: Vendor Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 09, 2025

    Action Type Old Value New Value
    Added CWE CWE-457
    Added Reference https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71
  • CVE Modified by [email protected]

    Jun. 24, 2025

    Action Type Old Value New Value
    Changed Description
      Old Value: Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
      New Value: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
  • New CVE Received by [email protected]

    Jun. 17, 2025

    Action Type Old Value New Value
    Added Description Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-125
    Added Reference https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-5777 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-5777 weaknesses.

© cvefeed.io
Latest DB Update: Jul. 14, 2025 15:30