← back
CVE-2025-5777

NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread

CVSS 9.3 CRITICALEPSS 99.9%● KEVCWE-125CWE-457
In short

NetScaler ADC and NetScaler Gateway have a flaw where they don't properly check user input, allowing attackers to read data from memory they shouldn't access. This is dangerous because it can expose sensitive information like passwords or encryption keys.

Technical detail

Insufficient input validation in NetScaler Gateway (VPN, ICA Proxy, CVPN, RDP Proxy) and AAA virtual servers enables out-of-bounds memory read (CWE-125, CWE-457). An attacker can craft malicious input to trigger memory overread, potentially disclosing sensitive data without authentication or special privileges, depending on the specific configuration.

Summary generated and translated by AI from the official description.
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected products
NetScaler · ADCNetScaler · Gateway
public PoCs found24
githubgithub.com/win3zz/CVE-2025-577747githubgithub.com/bughuntar/CVE-2025-577730githubgithub.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC-17githubgithub.com/Chocapikk/CVE-2025-57777githubgithub.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE4githubgithub.com/soltanali0/CVE-2025-5777-Exploit4githubgithub.com/nocerainfosec/cve-2025-57773githubgithub.com/ndr-repo/CVE-2025-57773githubgithub.com/orange0Mint/CitrixBleed-2-CVE-2025-57772githubgithub.com/cyberleelawat/ExploitVeer2githubgithub.com/RickGeex/CVE-2025-5777-CitrixBleed1githubgithub.com/0xBlackash/CVE-2025-57770githubgithub.com/mr-r3b00t/CVE-2025-57770githubgithub.com/idobarel/CVE-2025-57770githubgithub.com/RaR1991/citrix_bleed_20githubgithub.com/FrenzisRed/CVE-2025-57770githubgithub.com/0xgh057r3c0n/CVE-2025-57770githubgithub.com/SleepNotF0und/CVE-2025-57770githubgithub.com/rob0tstxt/POC-CVE-2025-57770githubgithub.com/below0day/Honeypot-Logs-CVE-2025-57770githubgithub.com/rootxsushant/Citrix-NetScaler-Memory-Leak-CVE-2025-57770githubgithub.com/Anshika2709/Citrixbleed2-CVE-2025-57770githubgithub.com/rashedhasan090/CVE-2025-57770exploitdbwww.exploit-db.com/exploits/52401unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://citrixbleed.comhttps://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/