Back to KEVs

CVE-2025-5777

NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread

Basic Information

CVE State: PUBLISHED
Reserved Date: June 06, 2025
Published Date: June 17, 2025
Last Updated: July 17, 2025
Vendor: NetScaler
Product: ADC, Gateway
Description: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Tags

CVSS Scores

CVSS v4.0

9.3 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

EPSS Score

Score: 18.93% (Percentile: 95.01%) as of 2025-07-17

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-07-03 00:00:00 UTC) Source

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-07-04 12:00:14 UTC

Recent Mentions

Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks

Source: BleepingComputer • Published: 2025-07-17 23:37:34 UTC

A critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed "CitrixBleed 2," was actively exploited nearly two weeks before proof-of-concept (PoC) exploits were made public, despite Citrix stating that there was no evidence of attacks. [...]

Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public

Source: GreyNoise • Published: 2025-07-16 00:00:00 UTC

GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4. 

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

Source: BleepingComputer • Published: 2025-07-11 14:45:57 UTC

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...]

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Source: TheHackerNews • Published: 2025-07-11 04:25:00 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild. The shortcoming in question is CVE-2025-5777 (CVSS score: 9.3), an instance of insufficient input validation that

Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Source: BleepingComputer • Published: 2025-07-07 22:57:37 UTC

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable and can successfully steal user session tokens. [...]

Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now

Source: BleepingComputer • Published: 2025-07-07 22:57:37 UTC

CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe?

Source: Horizon3.ai Attack Research • Published: 2025-07-07 13:29:17 UTC

Background and Confusion On June 17, 2025, Citrix published an advisory detailing CVE-2025-5777 and CVE-2025-5349. Affected products include: On June 25, 2025, they also published an advisory detailing CVE-2025-6543. Affected products include: Of the three vulnerabilities, two of them have been receiving a bit of buzz: While we’ve developed a working exploit for one of […]

How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)

Source: Watchtower Labs • Published: 2025-07-04 19:13:56 UTC

Before you dive into our latest diatribe, indulge us and join us on a journey.Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, and

CVE-2025-5777

Source: Horizon3.ai Attack Research • Published: 2025-07-03 12:25:37 UTC

Citrix NetScaler Buffer Overread Vulnerability

Citrix Bleed 2 flaw now believed to be exploited in attacks

Source: BleepingComputer • Published: 2025-06-27 14:18:09 UTC

A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...]

CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway

Source: Arctic Wolf • Published: 2025-06-25 21:22:18 UTC

On June 23, 2025, Citrix updated the scope of a previously disclosed vulnerability—CVE-2025-5777—to clarify that it affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. CVE-2025-5777, originally disclosed on June 17, is a critical-severity out-of-bounds read caused by insufficient input validation. It has been labeled ... CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-5777.yaml	2025-07-05 09:00:20 UTC

Timeline

CVE ID Reserved

June 06, 2025
CVE Published to Public

June 17, 2025
Added to KEVIntel

July 04, 2025
Detected by Nuclei

July 05, 2025