Known Exploited Vulnerability
9.3
CRITICAL CVSS 4.0
CVE-2025-5777
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability - [Actively Exploited]
Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

INFO

Published Date: June 17, 2025, 1:15 p.m.

Last Modified: Aug. 14, 2025, 2:52 p.m.

Remotely Exploitable: Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777

Affected Products

The following products are affected by the CVE-2025-5777 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product Action
1 Citrix netscaler_application_delivery_controller
2 Citrix netscaler_gateway
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
CVSS 4.0 CRITICAL [email protected]
Solution
This information is provided by third-party feeds.
  • Upgrade to version 12.1-55.328 (12.1-FIPS), 13.1-37.235 (13.1-FIPS), 13.1-58.32, 14.1-43.56 or later.
Public PoC/Exploit Available at Github

CVE-2025-5777 has 35 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-5777 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-5777 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept published on GitHub (sorted by most recently updated).

Exploit for CVE-2025-5777: Citrix NetScaler Memory Disclosure (CitrixBleed 2)

citrixbleed-2 citrixbleed2 exploit-development

Shell

Updated: 2 days, 10 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 20, 2025, 10:51 a.m. This repo has been linked 1 different CVEs too.

None

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 15, 2025, 9:07 a.m. This repo has been linked 310 different CVEs too.

None

Python

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 14, 2025, 10:09 p.m. This repo has been linked 1 different CVEs too.

Update the old POC of CVE-2025-5777 Citrix NetScaler Memory leak

Python

Updated: 1 week, 5 days ago
0 stars 1 fork 1 watcher
Born at : Aug. 11, 2025, 3:47 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 2 weeks, 2 days ago
1 stars 1 fork 1 watcher
Born at : Aug. 7, 2025, 8:47 p.m. This repo has been linked 1 different CVEs too.

CitrixBleed 2 NetScaler honeypot logs

Updated: 3 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : July 30, 2025, 1:43 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 5 days, 13 hours ago
0 stars 0 fork 0 watcher
Born at : July 24, 2025, 12:09 p.m. This repo has been linked 1 different CVEs too.

PoC for CVE-2025-5777 – Auth Bypass and RCE in Trend Micro Apex Central

authentication-bypass cve-2025-5777 exploit infosec kali-linux python rce redteam trendmicro

Python

Updated: 4 weeks, 2 days ago
2 stars 0 fork 0 watcher
Born at : July 23, 2025, 12:05 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 1 week, 3 days ago
1 stars 0 fork 0 watcher
Born at : July 23, 2025, 11:54 a.m. This repo has been linked 88 different CVEs too.

CVE-2025-5777

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 16, 2025, 3:12 p.m. This repo has been linked 2 different CVEs too.

An advanced, powerful, and easy-to-use tool designed to detect and exploit CVE-2025-5777 (CitrixBleed 2). This script not only identifies the vulnerability but also helps in demonstrating its impact by parsing human-readable information from the memory leak.

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : July 15, 2025, 5:49 p.m. This repo has been linked 1 different CVEs too.

CVE-2025-5777 (CitrixBleed 2) - [Citrix NetScaler ADC] [Citrix Gateway]

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 15, 2025, 5:02 a.m. This repo has been linked 1 different CVEs too.

Explore the CVE-2025-5777 vulnerability in Citrix NetScaler. This script highlights a memory leak issue for educational purposes. 🐱💻🔍

citrix citrix-netscaler citrixbleed2 cve-2025-5777 netscaler

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 11, 2025, 11:17 a.m. This repo has been linked 1 different CVEs too.

Citrix NetScaler Memory Leak PoC

Python

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 6:48 p.m. This repo has been linked 1 different CVEs too.

CVE-2025-5777 Citrix NetScaler Memory Leak Exploit (CitrixBleed 2)

Python

Updated: 1 month ago
16 stars 4 fork 4 watcher
Born at : July 10, 2025, 7:15 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following news articles mention the CVE-2025-5777 vulnerability anywhere in their text.

  • CybersecurityNews
Qilin Ransomware Leads The Attack Landscape With 70+ Claimed Victims in July

The ransomware threat landscape witnessed a concerning surge in July 2025, with the Qilin ransomware group maintaining its dominant position for the third time in four months. The group successfully c ... Read more

Published Date: Aug 14, 2025 (1 week, 2 days ago)
  • BleepingComputer
Pennsylvania attorney general's email, site down after cyberattack

The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. As Attorney General Dave Sunday r ... Read more

Published Date: Aug 13, 2025 (1 week, 3 days ago)
  • security.nl
NCSC publishes scripts for checking Citrix systems

The National Cyber Security Centre (NCSC) today published two scripts on GitHub that organizations can use to check for themselves whether their Citrix systems have been compromised. Last month ... Read more

Published Date: Aug 13, 2025 (1 week, 4 days ago)
  • The Register
Major outage at Pennsylvania Attorney General's Office blamed on 'cyber incident'

The Pennsylvania Office of Attorney General (OAG) is blaming a digital blackout of its services on a "cyber incident." The OAG posted a statement to Facebook yesterday, saying that its systems are c ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • CybersecurityNews
17,000+ VMware ESXi Servers Vulnerable to Critical Integer-Overflow Vulnerability

More than 17,000 VMware ESXi installations worldwide are at risk from a severe integer-overflow vulnerability tracked as CVE-2025-41236 (CVSS 9.3), cybersecurity researchers warn. This critical vulner ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • CybersecurityNews
Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges

Zoom has disclosed a critical vulnerability affecting multiple Windows-based clients, potentially allowing attackers to escalate privileges and compromise user systems. Designated as CVE-2025-49457 un ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • CybersecurityNews
Ivanti Connect Secure, Policy Secure and ZTA Vulnerabilities Let Attackers Trigger DoS Attack

Ivanti has released critical security updates addressing multiple high and medium-severity vulnerabilities across its Connect Secure, Policy Secure, and Zero Trust Access (ZTA) gateway products. The v ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • CybersecurityNews
7000+ Citrix NetScaler Devices Still Vulnerable to CVE-2025-5777 and CVE-2025-6543

Over 7,000 Citrix NetScaler appliances remain unpatched against two critical vulnerabilities: CVE-2025-5777 and CVE-2025-6543. Despite multiple advisories from Citrix, CISA’s KEV catalog entries, and ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • Help Net Security
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)

FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting Citrix Bleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC (Application Delivery C ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • BleepingComputer
Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were re ... Read more

Published Date: Aug 12, 2025 (1 week, 4 days ago)
  • The Cyber Express
APT-Style Attacks Exploit CVE-2025-6543 in Dutch Critical Organizations

The Dutch National Cyber Security Centre (NCSC) has confirmed that a serious vulnerability in Citrix NetScaler systems, identified as CVE-2025-6543, has been exploited in targeted attacks against mult ... Read more

Published Date: Aug 12, 2025 (1 week, 5 days ago)
  • The Hacker News
Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors

Aug 12, 2025Ravie LakshmananVulnerability / Threat Intelligence The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw ... Read more

Published Date: Aug 12, 2025 (1 week, 5 days ago)
  • BleepingComputer
Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the countr ... Read more

Published Date: Aug 11, 2025 (1 week, 5 days ago)
  • CybersecurityNews
Splunk Details on How to Detect, Mitigate and Respond to CitrixBleed 2 Attack

CitrixBleed 2 (CVE-2025-5777) erupted in 2025 when researchers uncovered an out-of-bounds read in Citrix NetScaler ADC and Gateway that lets an unauthenticated request siphon memory straight from the ... Read more

Published Date: Jul 24, 2025 (1 month ago)
  • CybersecurityNews
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More

It’s been a busy seven days for security alerts. Google is addressing another actively exploited zero-day in Chrome, and VMware has rolled out key patches for its own set of vulnerabilities. We’ll als ... Read more

Published Date: Jul 20, 2025 (1 month ago)
  • CybersecurityNews
Hackers Launch 11.5 Million Attacks on CitrixBleed 2-Compromising Over 100 Organizations

A massive wave of exploitation targeting the critical CitrixBleed 2 vulnerability (CVE-2025-5777), with over 11.5 million attack attempts recorded since its disclosure in June. The campaign has succes ... Read more

Published Date: Jul 18, 2025 (1 month ago)
  • security.nl
Openbaar Ministerie (Public Prosecution Service) disconnects digital environment from the internet due to vulnerability

The digital environment of the Openbaar Ministerie was disconnected from the internet last night as a precaution. The reason is a vulnerability in Citrix NetScaler. This was reported by Minister Van Weel of ... Read more

Published Date: Jul 18, 2025 (1 month ago)
  • BleepingComputer
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks

A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite ... Read more

Published Date: Jul 17, 2025 (1 month ago)
  • security.nl
NetScaler shares Indicators of Compromise (IoCs) for CVE-2025-5777

NetScaler is sharing a number of Indicators of Compromise (IoCs) that may indicate that NetScaler appliances have been attacked via the CVE-2025-5777 vulnerability. Administrators can search log files ... Read more

Published Date: Jul 17, 2025 (1 month, 1 week ago)
  • CybersecurityNews
Hackers Started Exploiting CitrixBleed 2 Vulnerability Before Public PoC Disclosure

Researchers detected an active exploitation of CVE-2025-5777, dubbed CitrixBleed 2, nearly two weeks before a public proof-of-concept surfaced. This memory overread vulnerability in Citrix NetScaler a ... Read more

Published Date: Jul 17, 2025 (1 month, 1 week ago)

The following table lists the changes that have been made to the CVE-2025-5777 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Aug. 14, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://citrixbleed.com Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 13, 2025

    Action Type Old Value New Value
    Added Reference https://citrixbleed.com
  • Modified Analysis by [email protected]

    Jul. 14, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/ Types: Third Party Advisory
    Added Reference Type CVE: https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Types: Third Party Advisory
    Added Reference Type CISA-ADP: https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/ Types: Third Party Advisory
    Added Reference Type CVE: https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/ Types: Press/Media Coverage, Third Party Advisory
    Added Reference Type CVE: https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ Types: Third Party Advisory
    Added Reference Type CVE: https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/ Types: Press/Media Coverage
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Jul. 12, 2025

    Action Type Old Value New Value
    Added Reference https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
    Added Reference https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/
    Added Reference https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/
    Added Reference https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/
    Added Reference https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jul. 11, 2025

    Action Type Old Value New Value
    Added Date Added 2025-07-10
    Added Due Date 2025-07-11
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 10, 2025

    Action Type Old Value New Value
    Added Reference https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/
  • Initial Analysis by [email protected]

    Jul. 10, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    Added CWE CWE-908
    Added CPE Configuration OR
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 13.1 up to (excluding) 13.1-58.32
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* versions from (including) 14.1 up to (excluding) 14.1-43.56
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 12.1 up to (excluding) 12.1-55.328
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.235
      *cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* versions from (including) 13.1 up to (excluding) 13.1-37.235
      *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 13.1 up to (excluding) 13.1-58.32
      *cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* versions from (including) 14.1 up to (excluding) 14.1-43.56
    Added Reference Type CISA-ADP: https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71 Types: Third Party Advisory
    Added Reference Type Citrix Systems, Inc.: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 Types: Vendor Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 09, 2025

    Action Type Old Value New Value
    Added CWE CWE-457
    Added Reference https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71
  • CVE Modified by [email protected]

    Jun. 24, 2025

    Action Type Old Value New Value
    Changed Description
      Old Value: Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
      New Value: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
  • New CVE Received by [email protected]

    Jun. 17, 2025

    Action Type Old Value New Value
    Added Description Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-125
    Added Reference https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.3 (CVSS 4.0)
Metrics: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability
Base CVSS Score: 7.5 (CVSS 3.1)
Metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact