CVE-2025-5777
Citrix NetScaler ADC and Gateway Out-of-Bounds Rea - [Actively Exploited]
Description
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
INFO
Published Date :
June 17, 2025, 1:15 p.m.
Last Modified :
July 12, 2025, 1:15 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
3.6
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777
Public PoC/Exploit Available at Github
CVE-2025-5777 has a 25 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
Affected Products
The following products are affected by CVE-2025-5777
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-5777
.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Explore the CVE-2025-5777 vulnerability in Citrix NetScaler. This script highlights a memory leak issue for educational purposes. 🐱💻🔍
citrix citrix-netscaler citrixbleed2 cve-2025-5777 netscaler
Python
Citrix NetScaler Memory Leak PoC
Python
CVE-2025-5777 Citrix NetScaler Memory Leak Exploit (CitrixBleed 2)
Python
None
Python
CitrixBleed2 powershell version
CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
citrix cve-2025-5777 netscaler citrixbleed2
Python
CitrixBleed 2 (CVE-2025-5777)
Shell
CitrixBleed-2 Checker & Poc automatic exploit and check token.
citrixbleed-2 cve-2025-5777
Python
Citrix Bleed 2 PoC Scanner (CVE-2025-5777)
Python
None
Python
Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP Proxy).
citrix citrix-netscaler cve-2025-5777
Python
CitrixBleed2 poc
Python
CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway “memory bleed”
Python
None
Python Shell
详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-5777
vulnerability anywhere in the article.

-
CybersecurityNews
Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild
Researchers have observed widespread exploitation attempts targeting a critical memory disclosure vulnerability in Citrix NetScaler devices, designated as CVE-2025-5777 and dubbed “CitrixBleed 2.” Thi ... Read more

-
The Hacker News
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) cata ... Read more

-
The Register
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, has been under exploitati ... Read more

-
Help Net Security
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)
For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE ... Read more

-
Help Net Security
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)
With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway inst ... Read more

-
Cyber Security News
PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request
Security researchers have released proof-of-concept exploits for a critical vulnerability dubbed “CitrixBleed2” affecting Citrix NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2 ... Read more

-
The Hacker News
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
Cyber Attacks / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence ... Read more

-
BleepingComputer
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable a ... Read more

-
The Register
CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands
Multiple exploits are circulating for CVE-2025-5777, a critical bug in Citrix NetScaler ADC and NetScaler Gateway dubbed CitrixBleed 2, and security analysts are warning a "significant portion" of use ... Read more

-
Help Net Security
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t ... Read more

-
Cyber Security News
“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation
Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security expe ... Read more

-
security.nl
Duizenden NetScaler-servers kwetsbaar voor CitrixBleed2, details snel openbaar
Duizenden NetScaler-servers bevatten nog altijd een kritieke kwetsbaarheid aangeduid als "CitrixBleed2", waardoor ze in het ergste geval zijn over te nemen, en een securitybedrijf heeft aangegeven vol ... Read more

-
BleepingComputer
Citrix warns of login issues after NetScaler auth bypass patch
Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gatewa ... Read more

-
Help Net Security
Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been di ... Read more

-
Help Net Security
Google patches actively exploited Chrome (CVE‑2025‑6554)
Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an ex ... Read more

-
TheCyberThrone
CISA Adds Critical Citrix NetScaler Vulnerability to KEV Catalog
Skip to contentOn June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6543, a critical buffer overflow vulnerability in Citrix NetScaler ADC and Gateway, to its K ... Read more

-
Cyber Security News
2100+ Citrix Servers Vulnerable to Actively Exploited Bypass Authentication Vulnerability
Over 2,100 vulnerable Citrix NetScaler servers remain exposed to active exploitation, despite patches being available for critical vulnerabilities that allow attackers to bypass authentication mechani ... Read more

-
Help Net Security
CitrixBleed 2 might be actively exploited (CVE-2025-5777)
While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for ... Read more

-
security.nl
'Tientallen Nederlandse Citrix-servers bevatten kritieke kwetsbaarheden'
Tientallen Nederlandse Citrix-servers bevatten kritieke kwetsbaarheden, zo laat The Shadowserver Foundation vandaag weten. Het gaat onder andere om een actief misbruikt beveiligingslek. De afgelopen w ... Read more

-
BleepingComputer
Over 1,200 Citrix servers unpatched against critical auth bypass flaw
Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authe ... Read more

-
Daily CyberSecurity
Citrix Bleed 2: ReliaQuest Warns of Active Exploitation in NetScaler Gateway Vulnerability
A newly discovered vulnerability—CVE-2025-5777, now dubbed Citrix Bleed 2—is raising serious security alarms. According to ReliaQuest, attackers are actively exploiting this vulnerability in the wild ... Read more

-
Help Net Security
Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux SecurityScorecard’s STRIKE team has uncov ... Read more

-
BleepingComputer
Citrix Bleed 2 flaw now believed to be exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspici ... Read more

-
security.nl
Securitybedrijf meldt mogelijk misbruik van nieuw CitrixBleed-lek
Een nieuwe kwetsbaarheid in NetScaler ADC en NetScaler Gateway, die de naam CitrixBleed 2 heeft gekregen, wordt mogelijk actief misbruik bij aanvallen, zo stelt securitybedrijf ReliaQuest. NetScaler z ... Read more

-
The Register
Citrix bleeds again: This time a zero-day exploited - patch now
Hot on the heels of patching a critical bug in Citrix-owned Netscaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued ... Read more

-
BleepingComputer
Citrix warns of NetScaler vulnerability exploited in DoS attacks
Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. "Exploits of CV ... Read more

-
TheCyberThrone
NVIDIA Megatron-LM Vulnerabilities
Skip to content🔍 OverviewIn June 2025, NVIDIA disclosed two critical code injection vulnerabilities in its large-scale transformer training framework, Megatron-LM. These flaws reside in insecure Pytho ... Read more

-
BleepingComputer
New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication se ... Read more

-
The Hacker News
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
Vulnerability / Network Security Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE- ... Read more

-
The Hacker News
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
Data Privacy / Vulnerability Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could ha ... Read more

-
The Register
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack
Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cybe ... Read more

-
security.nl
NetScaler-klanten opgeroepen om nieuw 'CitrixBleed-lek' snel te patchen
Organisaties die gebruikmaken van NetScaler ADC en NetScaler Gateway worden opgeroepen om een kritieke kwetsbaarheid zo snel mogelijk te patchen, nu de omschrijving van het probleem is aangepast. De B ... Read more

-
TheCyberThrone
CVE-2025-5777 – Critical Citrix NetScaler Vulnerability
CVE-2025-5777 is a critical out-of-bounds read vulnerability discovered in Citrix NetScaler ADC and NetScaler Gateway. This flaw allows unauthenticated remote attackers to access sensitive memory cont ... Read more

-
Dark Reading
Citrix Patches Critical Vulns in NetScaler ADC and Gateway
Source: Vladimir Sotnichenko via Alamy Stock PhotoNEWS BRIEFCitrix has fixed a critical vulnerability, tracked as CVE-2025-5777, found within NetScaler ADC and NetScaler Gateway.The vulnerability, ass ... Read more

-
Help Net Security
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privat ... Read more

-
The Register
Former US Army Sergeant pleads guilty after amateurish attempt at selling secrets to China
Infosec in brief A former US Army sergeant has admitted he attempted to sell classified data to China. Joseph Daniel Schmidt last Friday pled guilty after the Feds charged him with using his top secre ... Read more

-
Cyber Security News
Weekly Cybersecurity News Recap – Top Vulnerabilities, Threat and Data Breaches
In our fast-paced, interconnected world, the dangers of cyberattacks are becoming more frequent and complex. That’s why it’s more important than ever to stay updated and aware of the risks. Every week ... Read more

-
The Cyber Express
CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks
A security flaw in Apache Traffic Server (ATS) is targeting cloud service providers worldwide. The vulnerability, identified as CVE-2025-49763, exposes affected systems to denial-of-service (DoS) atta ... Read more

-
security.nl
CSG waarschuwt voor kritiek beveiligingslek in NetScaler Gateway en ADC
De Cloud Software Group (CSG) waarschuwt voor een kritieke kwetsbaarheid in NetScaler ADC en NetScaler Gateway die tot een "memory overread" kan leiden. Een aanvaller zou zo vertrouwelijke informatie ... Read more

-
Cyber Security News
Citrix NetScaler ADC and Gateway Vulnerabilities Allow Attackers to Access Sensitive Data
Two critical security vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway products, formerly known as Citrix ADC and Gateway, potentially allowing attackers to access sensitive ... Read more
The following table lists the changes that have been made to the
CVE-2025-5777
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Jul. 12, 2025
Action Type Old Value New Value Added Reference https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/ Added Reference https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Added Reference https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/ Added Reference https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ Added Reference https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/ -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jul. 11, 2025
Action Type Old Value New Value Added Date Added 2025-07-10 Added Due Date 2025-07-11 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jul. 10, 2025
Action Type Old Value New Value Added Reference https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/ -
Initial Analysis by [email protected]
Jul. 10, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Added CWE CWE-908 Added CPE Configuration OR *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.1 up to (excluding) 13.1-58.32 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 14.1 up to (excluding) 14.1-43.56 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.328 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.235 *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.235 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.1-58.32 *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 14.1 up to (excluding) 14.1-43.56 Added Reference Type CISA-ADP: https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71 Types: Third Party Advisory Added Reference Type Citrix Systems, Inc.: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 Types: Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jul. 09, 2025
Action Type Old Value New Value Added CWE CWE-457 Added Reference https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71 -
CVE Modified by [email protected]
Jun. 24, 2025
Action Type Old Value New Value Changed Description Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server -
New CVE Received by [email protected]
Jun. 17, 2025
Action Type Old Value New Value Added Description Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-125 Added Reference https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-5777
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-5777
weaknesses.