How severe is CVE-2025-5777?

CVE-2025-5777 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-5777

Name: netscaler_application_delivery_controller
Author: citrix

7.5HIGH

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Veröffentlicht: 6/17/2025Aktualisiert: 10/30/2025

CISA Bekannte Ausgenutzte Schwachstelle

Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

Erforderliche Maßnahme:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Fälligkeitsdatum:

2025-07-11

Bekannte Ransomware-Nutzung

Beschreibung

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

KI-AnalyseKI-gestützt

Betroffene Produkte

citrixnetscaler_application_delivery_controller

citrixnetscaler_gateway

CISA Bekannte Ausgenutzte Schwachstelle

Beschreibung

KI-AnalyseKI-gestützt

Betroffene Produkte

Verfügbare Exploits (1)

Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure

Referenzen