IRONSMITHINTEL
HIGHCVSS7.5
|
Actively Exploited
|CISA KEV|CVE-2025-5777|Auth: none — unauthenticated|Reboot: required|Manual only

Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability (CVE-2025-5777)

Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Published Jun 17, 2025 · Updated May 17, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2025-07-11 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Out-of-bounds Read (CWE-125) vulnerability in Citrix NetScaler ADC and Gateway. Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

Network Security Team
Firewall Administrators
IT Security
Running netscaler application delivery controller: 12.1 ≤ v < 12.1-55.328, 13.1 ≤ v < 13.1-37.235, 13.1 ≤ v < 13.1-58.32, 14.1 ≤ v < 14.1-43.56; netscaler gateway: 13.1 ≤ v < 13.1-58.32, 14.1 ≤ v < 14.1-43.56
Real-world incidentsWhat we've seen

Used in known ransomware campaigns. Threat-research write-up: https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/

How to patch

Manual remediation steps

1
Identify affected hosts: query inventory for network-security installs in scope.
2
Apply the vendor security update referenced in CVE-2025-5777's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.
3
Verify the fix per the vendor's published verification steps.
4
Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2025-5777MSRC AdvisoryNVDVendor Advisory