⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.. Due date: 2025-07-11.

CVE-2025-5777 — CitrixBleed 2: Out-of-bounds Read in ADC

CWE-125 — Out-of-bounds Read CWE-908 — Use of Uninitialized Resource CWE-457 — Use of Uninitialized Variable CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer35 documents13 sources

Severity

9.3CRITICALNVD

VulnCheck9.2CISA9.2

EPSS

66.7%

top 1.46%

CISA KEV

KEVRansomware

Added 2025-07-10

Due 2025-07-11

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netscaler ADC Netscaler Gateway Citrix Netscaler Application Delivery Controller +1 more

Timeline

PublishedJun 17

KEV addedJul 10

KEV dueJul 11

Latest updateMar 28

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages4 packages

▶CVEListV5netscaler/gateway14.1 — 43.56+1

▶NVDcitrix/netscaler_gateway13.1 — 13.1-58.32+1

▶CVEListV5netscaler/adc14.1 — 43.56+1

▶NVDcitrix/netscaler_application_delivery_controller12.1 — 12.1-55.328+3

🔴Vulnerability Details

GHSA

GHSA-29vj-j5w5-pcph: Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway↗2025-06-17

▶

VulnCheck

Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability↗2025

▶

VulnCheck

Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability↗2025

▶

💥Exploits & PoCs

Exploit-DB

Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure↗2025-08-11

▶

Nuclei

Citrix NetScaler Memory Disclosure - CitrixBleed 2

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Citrix Netscaler ADC & Gateway Memory Leak CitrixBleed2 (CVE-2025-5777)↗2025-07-07

▶

📋Vendor Advisories

CISA

Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability↗2025-07-10

▶

CISA

Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability↗2025-06-30

▶

🕵️Threat Intelligence

Hackernews

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug↗2026-03-28

▶

Hackernews

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks↗2026-03-24

▶

Hackernews

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More↗2026-03-19

▶

Bleepingcomputer

Wave of Citrix NetScaler scans use thousands of residential proxies↗2026-02-03

▶

Greynoiseio

The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates↗2026-02-02

▶