CVE-2025-5349: Improper Validation of Specified Quantity in Input in ADC

Severity
8.7 HIGH (NVD)
9.3 (VulnCheck)
EPSS
0.3%
top 49.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 17
Latest update: Jul 6

Description

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages (3 packages)

NVD: citrix/netscaler_gateway 13.1 13.1-58.32 +1
CVEListV5: netscaler/adc 14.1 43.56 +1

🔴Vulnerability Details

GHSA
GHSA-927h-58v2-fqv5: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway (2025-06-17)
VulnCheck
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability (2025)

🕵️Threat Intelligence

Wiz
Critical vulnerabilities in NetScaler ADC exploited in-the-wild: everything you need to know | Wiz Blog (2025-07-06)
Wiz
Crying Out Cloud Newsletter - July 2025 | Wiz (2025-07-01)
Tenable
CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation (2025-06-27)
Bleepingcomputer
New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions (2025-06-25)