CVE-2025-5777— NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-5777
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
Citrix NetScaler ADC和Citrix NetScaler Gateway 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Citrix NetScaler ADC和Citrix NetScaler Gateway都是美国Citrix公司的产品。Citrix NetScaler ADC是一个应用程序交付和安全性平台。Citrix NetScaler Gateway是一种安全远程访问的解决方案。 Citrix NetScaler ADC和Citrix NetScaler Gateway存在安全漏洞,该漏洞源于NetScaler Management Interface输入验证不足,可能导致内存过度读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2025-5777
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-5777.yaml | POC Details |
| 2 | 详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件 | https://github.com/mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC- | POC Details |
| 3 | CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway “memory bleed” | https://github.com/RickGeex/CVE-2025-5777-CitrixBleed | POC Details |
| 4 | CitrixBleed2 poc | https://github.com/idobarel/CVE-2025-5777 | POC Details |
| 5 | Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP Proxy). | https://github.com/nocerainfosec/cve-2025-5777 | POC Details |
| 6 | Citrix Bleed 2 PoC Scanner (CVE-2025-5777) | https://github.com/RaR1991/citrix_bleed_2 | POC Details |
| 7 | CitrixBleed-2 Checker & Poc automatic exploit and check token. | https://github.com/orange0Mint/CitrixBleed-2-CVE-2025-5777 | POC Details |
| 8 | CitrixBleed 2 (CVE-2025-5777) | https://github.com/Chocapikk/CVE-2025-5777 | POC Details |
| 9 | CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices | https://github.com/win3zz/CVE-2025-5777 | POC Details |
| 10 | CitrixBleed2 powershell version | https://github.com/FrenzisRed/CVE-2025-5777 | POC Details |
| 11 | CVE-2025-5777 Citrix NetScaler Memory Leak Exploit (CitrixBleed 2) | https://github.com/bughuntar/CVE-2025-5777 | POC Details |
| 12 | Citrix NetScaler Memory Leak PoC | https://github.com/0xgh057r3c0n/CVE-2025-5777 | POC Details |
| 13 | CVE-2025-5777 (CitrixBleed 2) - [Citrix NetScaler ADC] [Citrix Gateway] | https://github.com/SleepNotF0und/CVE-2025-5777 | POC Details |
| 14 | An advanced, powerful, and easy-to-use tool designed to detect and exploit CVE-2025-5777 (CitrixBleed 2). This script not only identifies the vulnerability but also helps in demonstrating its impact by parsing human-readable information from the memory leak. | https://github.com/cyberleelawat/ExploitVeer | POC Details |
| 15 | CVE-2025-5777 | https://github.com/B1ack4sh/Blackash-CVE-2025-5777 | POC Details |
| 16 | PoC for CVE-2025-5777 – Auth Bypass and RCE in Trend Micro Apex Central | https://github.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE | POC Details |
| 17 | None | https://github.com/rob0tstxt/POC-CVE-2025-5777 | POC Details |
| 18 | CitrixBleed 2 NetScaler honeypot logs | https://github.com/below0day/Honeypot-Logs-CVE-2025-5777 | POC Details |
| 19 | None | https://github.com/soltanali0/CVE-2025-5777-Exploit | POC Details |
| 20 | Update the old POC of CVE-2025-5777 Citrix NetScaler Memory leak | https://github.com/rootxsushant/Citrix-NetScaler-Memory-Leak-CVE-2025-5777 | POC Details |
| 21 | Exploit for CVE-2025-5777: Citrix NetScaler Memory Disclosure (CitrixBleed 2) | https://github.com/ndr-repo/CVE-2025-5777 | POC Details |
| 22 | 🛠️ Explore the CVE-2025-5777 memory leak vulnerability in Citrix NetScaler, illustrating the risks of uninitialized memory in parsing malformed POST data. | https://github.com/Lakiya673/CVE-2025-5777 | POC Details |
| 23 | Citrix NetScaler Memory Leak PoC | https://github.com/zr1p3r/CVE-2025-5777 | POC Details |
| 24 | placeholder for CitrixBleed 2.0 CVE-2025-5777 | https://github.com/mr-r3b00t/CVE-2025-5777 | POC Details |
| 25 | None | https://github.com/rashedhasan090/CVE-2025-5777 | POC Details |
| 26 | CVE-2025-5777 | https://github.com/Ashwesker/Blackash-CVE-2025-5777 | POC Details |
| 27 | CVE-2025-5777 | https://github.com/Ashwesker/Ashwesker-CVE-2025-5777 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-5777
请登录查看更多情报信息。
Same Patch Batch · NetScaler · 2025-06-17 · 3 CVEs total
| CVE-2025-5349 | NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management | |
| CVE-2025-4365 | NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read |
IV. Related Vulnerabilities
Same product: ADC
- CVE-2026-3055
Insufficient input validation leading to memory overread - CVE-2026-4368
Race Condition leading to User Session Mixup - CVE-2025-12101
Cross-Site Scripting (XSS) - CVE-2025-8424
Improper access control on the NetScaler Management Interfac - CVE-2025-7776
Memory overflow vulnerability leading to unpredictable or er
Same vendor: NetScaler
- CVE-2026-3055
Insufficient input validation leading to memory overread - CVE-2026-4368
Race Condition leading to User Session Mixup - CVE-2025-12101
Cross-Site Scripting (XSS) - CVE-2025-8424
Improper access control on the NetScaler Management Interfac - CVE-2025-7776
Memory overflow vulnerability leading to unpredictable or er
Same weakness: CWE-125
- CVE-2026-8177
XML::LibXML versions through 2.0210 for Perl read out-of-bou - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-7258
Out-of-bounds read in urldecode() on NetBSD - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-3508
ASUS System Control Interface 缓冲区错误漏洞
V. Comments for CVE-2025-5777
No comments yet