Citrix

Citrix has identified and fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway, similar to the previously known CitrixBleed flaw. The vulnerability, which involves an out-of-bounds read flaw due to insufficient input validation, allows unauthorized attackers to grab valid session tokens from the memory of internet-facing NetScaler devices by sending malformed requests. This can lead to unauthorized access to the appliances. The company has urged customers to install the relevant updated versions as soon as possible and terminate active sessions to mitigate the risk.

Source: https://www.helpnetsecurity.com/2025/06/23/critical-citrix-netscaler-bug-fixed-upgrade-asap-cve-2025-5777/

TPRM report: https://scoringcyber.rankiteo.com/company/citrix

"id": "cit302062325",
"linkid": "citrix",
"type": "Vulnerability",
"date": "6/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Citrix',
                        'type': 'Organization'}],
 'attack_vector': 'Network',
 'description': 'Citrix has fixed a critical vulnerability (CVE-2025-5777) in '
                'NetScaler ADC and NetScaler Gateway reminiscent of the '
                'infamous and widely exploited CitrixBleed flaw.',
 'impact': {'systems_affected': ['NetScaler ADC', 'NetScaler Gateway']},
 'motivation': 'Unauthorized access',
 'post_incident_analysis': {'corrective_actions': ['Upgrade to recommended '
                                                   'NetScaler builds',
                                                   'Terminate active ICA and '
                                                   'PCoIP sessions'],
                            'root_causes': ['Insufficient input validation',
                                            'Improper access control']},
 'recommendations': ['Upgrade to recommended NetScaler builds',
                     'Terminate active ICA and PCoIP sessions',
                     'Rebooting appliances not recommended'],
 'references': [{'source': 'Citrix Advisory'}],
 'response': {'containment_measures': ['Upgrade to recommended NetScaler '
                                       'builds',
                                       'Terminate active ICA and PCoIP '
                                       'sessions'],
              'remediation_measures': ['Install relevant updated versions',
                                       'Terminate active sessions']},
 'title': 'Citrix NetScaler Vulnerabilities',
 'type': 'Vulnerability',
 'vulnerability_exploited': ['CVE-2025-5777', 'CVE-2023-4966', 'CVE-2025-5349']}