CVE-2025-5777
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
Basic Information
- CVE State: PUBLISHED
- Reserved Date: June 06, 2025
- Published Date: June 17, 2025
- Last Updated: July 30, 2025
- Vendor: NetScaler
- Product: ADC, Gateway
- Description: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- Tags:
- Score: 20.33% (Percentile: 95.26%) as of 2025-07-29
- Exploitation: active
- Automatable: Yes
- Technical Impact: total
- Exploited in the Wild: Yes (2025-07-03 00:00:00 UTC)
CVSS Scores
CVSS v4.0
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
The Shadowserver (via CIRCL) | 2025-07-04 12:00:14 UTC |
Recent Mentions
Follow-Up: Updates on Actively Exploited Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway (CVE-2025-5777)
Source: Arctic Wolf • Published: 2025-07-18 19:13:19 UTC
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks
Source: BleepingComputer • Published: 2025-07-17 23:37:34 UTC
Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public
Source: GreyNoise • Published: 2025-07-16 00:00:00 UTC
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
Source: BleepingComputer • Published: 2025-07-11 14:45:57 UTC
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
Source: TheHackerNews • Published: 2025-07-11 04:25:00 UTC
Public exploits released for CitrixBleed 2 NetScaler flaw, patch now
Source: BleepingComputer • Published: 2025-07-07 22:57:37 UTC
Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now
Source: BleepingComputer • Published: 2025-07-07 22:57:37 UTC
CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe?
Source: Horizon3.ai Attack Research • Published: 2025-07-07 13:29:17 UTC
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)
Source: Watchtower Labs • Published: 2025-07-04 19:13:56 UTC
CVE-2025-5777
Source: Horizon3.ai Attack Research • Published: 2025-07-03 12:25:37 UTC
Citrix Bleed 2 flaw now believed to be exploited in attacks
Source: BleepingComputer • Published: 2025-06-27 14:18:09 UTC
CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway
Source: Arctic Wolf • Published: 2025-06-25 21:22:18 UTC
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-5777.yaml | 2025-07-05 09:00:20 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei