CVE-2025-5777 - Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Project: Citrix
Product: NetScaler ADC and Gateway
Date Added: 2025-07-10
Due Date: 2025-07-11
Vulnerability Name
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability
Description
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
https://nvd.nist.gov/vuln/detail/CVE-2025-5777
Related News Articles
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch - July 11, 2025