Detections
Analytics
CVE-2025-5777
critical
Description
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
From the Tenable Blog
CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation
Published: 2025-06-27
Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2.
References
https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71
https://www.greynoise.io/blog/exploitation-citrixbleed-2-cve-2025-5777-before-public-poc
https://www.securityweek.com/citrixbleed-2-flaw-poses-unacceptable-risk-cisa/
https://www.databreachtoday.com/attackers-now-scanning-extensively-for-citrix-bleed-2-a-28959
https://cyberscoop.com/citrixbleed2-exploits-spread/
https://therecord.media/cisa-orders-agencies-patch-citrix-bleed-2
https://thehackernews.com/2025/07/cisa-adds-citrix-netscaler-cve-2025.html
https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
https://www.securityweek.com/exploits-technical-details-released-for-citrixbleed2-vulnerability/
https://www.theregister.com/2025/07/07/citrixbleed_2_exploits/
https://www.infosecurity-magazine.com/news/citrixbleed-2-detection-analysis/
https://www.databreachtoday.com/attackers-actively-exploit-citrix-bleed-2-vulnerability-a-28907
https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html
https://www.securityweek.com/evidence-suggests-exploitation-of-citrixbleed-2-vulnerability/
https://www.infosecurity-magazine.com/news/citrixbleed-2-vulnerability/
https://www.helpnetsecurity.com/2025/06/30/citrixbleed-2-might-be-actively-exploited-cve-2025-5777/
https://www.securityweek.com/critical-citrix-netscaler-flaw-exploited-as-zero-day/
https://www.theregister.com/2025/06/25/citrix_netscaler_critical_bug_exploited/
https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html
https://thehackernews.com/2025/06/citrix-bleed-2-flaw-enables-token-theft.html
https://cyberscoop.com/citrix-zero-day-netscaler/
https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/
https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206
https://www.securityweek.com/critical-vulnerability-patched-in-citrix-netscaler/
Details
Published: 2025-06-17
Updated: 2025-07-14
Named Vulnerability: CitrixBleed2Named Vulnerability: CitrixBleed 2Named Vulnerability: Citrix Bleed 2Known Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Severity: High
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: High
CVSS v4
Base Score: 9.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Severity: Critical
EPSS
EPSS: 0.18927
Vulnerability Watch
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.
Vulnerability of Concern