CVE-2025-5777

critical

Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

From the Tenable Blog

CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation

Published: 2025-06-27

Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2.

References

https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71

https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/

https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2

https://thehackernews.com/2025/07/cisa-adds-citrix-netscaler-cve-2025.html

https://securityaffairs.com/179813/hacking/u-s-cisa-adds-citrix-netscaler-adc-and-gateway-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/

https://www.cisa.gov/news-events/alerts/2025/07/10/cisa-adds-one-known-exploited-vulnerability-catalog

https://arstechnica.com/security/2025/07/critical-citrixbleed-2-vulnerability-has-been-under-active-exploit-for-weeks/

https://www.securityweek.com/exploits-technical-details-released-for-citrixbleed2-vulnerability/

https://www.theregister.com/2025/07/07/citrixbleed_2_exploits/

https://www.infosecurity-magazine.com/news/citrixbleed-2-detection-analysis/

https://www.databreachtoday.com/attackers-actively-exploit-citrix-bleed-2-vulnerability-a-28907

https://www.bleepingcomputer.com/news/security/public-exploits-released-for-citrixbleed-2-netscaler-flaw-patch-now/

https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html

https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/

https://www.securityweek.com/thousands-of-citrix-netscaler-instances-unpatched-against-exploited-vulnerabilities/

https://www.bleepingcomputer.com/news/security/over-1-200-citrix-servers-unpatched-against-critical-auth-bypass-flaw/

https://www.securityweek.com/evidence-suggests-exploitation-of-citrixbleed-2-vulnerability/

https://www.infosecurity-magazine.com/news/citrixbleed-2-vulnerability/

https://www.bleepingcomputer.com/news/security/citrix-bleed-2-flaw-now-believed-to-be-exploited-in-attacks/

https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/

https://www.bleepingcomputer.com/news/security/citrix-warns-of-login-issues-after-netscaler-auth-bypass-patch/

https://www.helpnetsecurity.com/2025/06/30/citrixbleed-2-might-be-actively-exploited-cve-2025-5777/

https://www.helpnetsecurity.com/2025/06/29/week-in-review-backdoor-found-in-soho-devices-running-linux-high-risk-winrar-rce-flaw-patched/

https://www.securityweek.com/critical-citrix-netscaler-flaw-exploited-as-zero-day/

https://securityaffairs.com/179339/hacking/citrixbleed-2-the-nightmare-that-echoes-the-citrixbleed-flaw-in-netscaler-devices.html

https://www.theregister.com/2025/06/25/citrix_netscaler_critical_bug_exploited/

https://www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/

https://www.bleepingcomputer.com/news/security/citrix-warns-of-netscaler-vulnerability-exploited-in-dos-attacks/

https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html

https://thehackernews.com/2025/06/citrix-bleed-2-flaw-enables-token-theft.html

https://cyberscoop.com/citrix-zero-day-netscaler/

https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/

https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206

https://www.helpnetsecurity.com/2025/06/23/critical-citrix-netscaler-bug-fixed-upgrade-asap-cve-2025-5777/

https://www.securityweek.com/critical-vulnerability-patched-in-citrix-netscaler/

https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420

https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/

Details

Source: Mitre, NVD

Published: 2025-06-17

Updated: 2025-07-12

Named Vulnerability: CitrixBleed 2Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Severity: Critical

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Concern

Detections

Analytics