CVE-2025-5777

Confirmed PUBLISHED

NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread

NetScaler · ADC, Gateway

1 day faster than CISA KEV

Exploited in the wild Active exploitation observed Used in malware PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
6
Unique Attacker IPs
3
CISA KEV
In CISA KEV
CVSS / EPSS
9.3 Critical EPSS 99.9%

At a Glance

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

nuclei_scanner cisa malware
CVE Published
Jun 17, 2025
Exploitation Reported
Jun 01, 2026
CVSS
9.3 Critical
EPSS
99.9%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
NetScaler
ADC

14.1 to < 43.56

Affected
NetScaler
ADC

13.1 to < 58.32

Affected
NetScaler
Gateway

14.1 to < 43.56

Affected
NetScaler
Gateway

13.1 to < 58.32

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.