{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5777","assignerOrgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","state":"PUBLISHED","assignerShortName":"Citrix","dateReserved":"2025-06-06T06:14:02.358Z","datePublished":"2025-06-17T12:29:34.506Z","dateUpdated":"2026-02-26T17:50:34.679Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ADC","vendor":"NetScaler","versions":[{"lessThan":"43.56","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"58.32","status":"affected","version":"13.1","versionType":"patch"}]},{"defaultStatus":"unaffected","product":"Gateway","vendor":"NetScaler","versions":[{"lessThan":"43.56","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"58.32","status":"affected","version":"13.1","versionType":"patch"}]}],"datePublic":"2025-06-17T12:25:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Insufficient input validation leading to memory overread when the</span>&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server</span>"}],"value":"Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125 Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","shortName":"Citrix","dateUpdated":"2025-06-24T00:57:12.458Z"},"references":[{"url":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"}],"source":{"discovery":"UNKNOWN"},"title":"NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-5777","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-07-17T03:55:31.757062Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2025-07-10","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"}}}],"references":[{"url":"https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71","tags":["third-party-advisory","technical-description","signature"]},{"url":"https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/","tags":["media-coverage"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-457","description":"CWE-457 Use of Uninitialized Variable"}]}],"timeline":[{"time":"2025-07-10T00:00:00.000Z","lang":"en","value":"CVE-2025-5777 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:34.679Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-08-13T18:49:26.791Z"},"references":[{"url":"https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/"},{"url":"https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/"},{"url":"https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/"},{"url":"https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/"},{"url":"https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"},{"url":"https://citrixbleed.com"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}]}}