Overview
NetScaler ADC and NetScaler Gateway contain a buffer over-read caused by insufficient input validation, reachable when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA (Authentication, Authorization, Accounting) virtual server. An unauthenticated attacker with network access to such a virtual server can trigger the over-read and obtain the contents of adjacent process memory, an information disclosure. The vulnerability was disclosed on June 17, 2025. CISA has added CVE-2025-5777 to its Known Exploited Vulnerabilities catalog and reports it as used in ransomware campaigns.
Technical details
The flaw is in the request handling of Gateway and AAA virtual servers. Because a parameter of the authentication request is not validated properly, a crafted request makes the appliance read past the end of the buffer that holds that parameter, and the bytes it reads from adjacent memory are returned to the client in the response. Each such request discloses only a small slice of memory, so exploitation in practice repeats the request many times against the same appliance to harvest anything useful.
The vulnerability is classified as CWE-126 (Buffer Over-read) and CWE-20 (Improper Input Validation).
It was assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: reachable over the network, low attack complexity, no privileges or user interaction required, high confidentiality impact, no integrity or availability impact. Citrix itself rates it 9.3 (Critical) under CVSS v4.0.
Impact
An attacker can read data from memory adjacent to the over-read buffer. On an appliance that serves logins this can include session tokens, credentials in transit, and configuration data held by the NetScaler process. The flaw gives no code execution and no availability impact on its own, but a leaked session token can be replayed to take over an authenticated session, including one that was established with multi-factor authentication, and leaked credentials can be reused against other systems. Upgrading the appliance does not invalidate tokens that were already stolen; they remain usable until the sessions are terminated.
Mitigation and workarounds
Upgrade to a fixed build. Citrix's fixed builds are NetScaler ADC and NetScaler Gateway 14.1-43.56 and later, 13.1-58.32 and later, NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later, and NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.328 and later. NetScaler ADC and Gateway 12.1 and 13.0 (non-FIPS) are end of life and receive no fix; appliances on those lines must be migrated to a supported release. Prioritize appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Builds are downloaded from the Citrix download portal and installed by the administrator; the appliance does not patch itself. The running build is shown by the command show ns version on the NetScaler CLI. Because the leaked data can include session tokens, upgrading alone does not evict an attacker who already holds one: after every node of an HA pair or cluster has been upgraded, terminate existing ICA and PCoIP sessions with kill icaconnection -all and kill pcoipConnection -all, and review active sessions for logins from unexpected sources before trusting the appliance again.
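A version check against those fixed builds, as an added Python example (not Citrix's tooling and not code from the original report): it parses the first line of show ns version and compares the build number with the fixed builds listed above. The version-line format is assumed from typical output and should be checked against your own appliance, and whether an appliance runs a FIPS/NDcPP build is passed in by the caller, since the version line alone does not reveal it.

```python
import re
from typing import Dict, Optional, Tuple

Build = Tuple[int, int]

# Minimum fixed build for each release line, from Citrix's advisory for
# CVE-2025-5777. FIPS and NDcPP builds of 13.1 and 12.1 have their own
# fixed builds, so they are keyed separately.
FIXED_BUILDS: Dict[str, Build] = {
    "14.1": (43, 56),
    "13.1": (58, 32),
    "13.1-FIPS": (37, 235),
    "12.1-FIPS": (55, 328),
}

# Non-FIPS 12.1 and 13.0 are end of life: no fixed build exists for them.
END_OF_LIFE = ("13.0", "12.1")

# Assumed shape of the first line of `show ns version`, for example
# "NetScaler NS14.1: Build 43.56.nc, Date: Jun 10 2025, 20:35:39   (64-bit)".
# Check this against your own appliance's output.
_VERSION_RE = re.compile(
    r"NetScaler NS(?P<release>\d+\.\d+):\s*Build\s+(?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_ns_version(line: str) -> Optional[Tuple[str, Build]]:
    """Extract (release, (build_major, build_minor)) from a version line."""
    m = _VERSION_RE.search(line)
    if m is None:
        return None
    return m.group("release"), (int(m.group("major")), int(m.group("minor")))


def is_fixed(release: str, build: Build) -> bool:
    """True only when a known release line is at or above its fixed build.

    Unknown lines deliberately return False: a line this table does not know
    (including the EOL lines) is treated as vulnerable, never assumed safe.
    """
    fixed = FIXED_BUILDS.get(release)
    return fixed is not None and build >= fixed


def assess(version_line: str, fips: bool = False) -> str:
    """Classify one appliance. fips=True selects the FIPS/NDcPP fixed builds,
    which the caller is assumed to know from the appliance's platform."""
    parsed = parse_ns_version(version_line)
    if parsed is None:
        return "unknown: could not parse version line"
    release, build = parsed
    label = f"{release}-FIPS" if fips else release
    shown = f"{release}-{build[0]}.{build[1]}"
    if label not in FIXED_BUILDS:
        if release in END_OF_LIFE:
            return f"vulnerable: {shown} is end of life with no fixed build; migrate"
        return f"unknown: no fixed build recorded for {label}; treat as vulnerable"
    if is_fixed(label, build):
        return f"fixed: {shown}"
    fmaj, fmin = FIXED_BUILDS[label]
    return f"vulnerable: {shown}, upgrade to {release}-{fmaj}.{fmin} or later"


if __name__ == "__main__":
    # Constructed version lines for three hypothetical appliances.
    for line, fips in [
        ("NetScaler NS14.1: Build 43.50.nc, Date: May 1 2025, 10:00:00   (64-bit)", False),
        ("NetScaler NS13.1: Build 58.32.nc, Date: Jun 10 2025, 20:35:39   (64-bit)", False),
        ("NetScaler NS13.1: Build 37.235.nc, Date: Jun 10 2025, 20:35:39   (64-bit)", True),
    ]:
        print(assess(line, fips=fips))
```

Run it against the output collected from each node of an HA pair or cluster; a mixed result means the pair is not yet patched, and the session-termination step above should wait until every node reports fixed.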
Citrix has not published a workaround; the following reduce exposure but do not remove the flaw. If immediate patching is not possible: disable AAA and Gateway virtual servers that are not actively in use, since a disabled virtual server accepts no connections; restrict access to the remaining Gateway and AAA virtual servers to trusted networks with firewall rules or network segmentation, accepting that a remote-access Gateway is usually internet-facing by design and loses its purpose when restricted this way; and monitor NetScaler logs for unusual connection patterns and malformed requests to Gateway and AAA endpoints, treating the appliance as possibly already compromised until its active sessions have been reviewed.
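To make the monitoring workaround concrete, here is an added Python example (not from the original report and not Citrix's tooling) that scans request records for the malformed login POST described in public analyses of this vulnerability: a form body sent to the Gateway/AAA login handler whose login field has no "=" and no value at all, and a response whose InitialValue element echoes bytes that are not printable text. The record shape, the client addresses and every sample line are constructed; the endpoint paths come from those public write-ups and should be checked against what your own appliance exposes, and the repeat threshold is an assumed value.

```python
import re
from collections import Counter
from typing import Dict, List

# Gateway/AAA login form handlers named in public write-ups of CVE-2025-5777.
LOGIN_PATHS = ("/p/u/doAuthentication.do", "/nf/auth/doAuthentication.do")

# Assumed record shape: one dict per request with the client IP, method,
# path, urlencoded form body and the XML response body. A real deployment
# would fill these from a reverse-proxy log or a packet capture in front of
# the appliance, since NetScaler does not log request bodies by default.
Record = Dict[str, str]


def has_bare_login_field(body: str) -> bool:
    """True when the form carries 'login' with no '=' at all.

    A normal client always sends login=<user>; the malformed input described
    in public analyses omits the '=' entirely, which is what the vulnerable
    handler fails to validate. 'login=' with an empty value is not flagged,
    because a browser produces that when the field is simply left blank.
    """
    return any(field == "login" for field in body.split("&"))


def leaks_in_initial_value(response: str) -> bool:
    """True when <InitialValue> contains bytes outside printable ASCII.

    The login response echoes the submitted username inside <InitialValue>;
    leaked memory shows up there as control or high bytes. A genuinely
    non-ASCII username would also trip this, so treat it as a signal.
    """
    m = re.search(r"<InitialValue>(.*?)</InitialValue>", response, re.S)
    if m is None:
        return False
    return any(not (0x20 <= ord(c) <= 0x7E) for c in m.group(1))


def reasons_for(rec: Record) -> List[str]:
    """Return the indicators that apply to one request, empty if none."""
    if rec.get("method") != "POST" or rec.get("path") not in LOGIN_PATHS:
        return []
    reasons = []
    if has_bare_login_field(rec.get("body", "")):
        reasons.append("bare 'login' field with no '=' on login endpoint")
    if leaks_in_initial_value(rec.get("response", "")):
        reasons.append("non-printable bytes echoed in <InitialValue>")
    return reasons


def scan(records: List[Record], repeat_threshold: int = 3) -> Dict[str, List[str]]:
    """Map each client IP that shows indicators to its distinct reasons.

    Each malformed request leaks only a small slice of memory, so real
    exploitation repeats it many times from one source; once a source
    crosses repeat_threshold an extra reason records that.
    """
    findings: Dict[str, List[str]] = {}
    hits: Counter = Counter()
    for rec in records:
        reasons = reasons_for(rec)
        if not reasons:
            continue
        ip = rec.get("client", "?")
        hits[ip] += 1
        bucket = findings.setdefault(ip, [])
        for reason in reasons:
            if reason not in bucket:
                bucket.append(reason)
        if hits[ip] == repeat_threshold:
            bucket.append(f"{repeat_threshold}+ malformed login posts from one source")
    return findings


# Constructed sample traffic: one ordinary login, one unrelated GET, and
# three malformed posts from a single source whose responses echo non-text.
SAMPLE_RECORDS: List[Record] = [
    {"client": "10.0.0.5", "method": "POST", "path": "/p/u/doAuthentication.do",
     "body": "login=alice&passwd=hunter2",
     "response": "<AuthenticateResponse><InitialValue>alice</InitialValue></AuthenticateResponse>"},
    {"client": "203.0.113.9", "method": "GET", "path": "/vpn/index.html",
     "body": "", "response": ""},
] + [
    {"client": "203.0.113.9", "method": "POST", "path": "/p/u/doAuthentication.do",
     "body": "login",
     "response": "<AuthenticateResponse><InitialValue>\x00\x1b\x7f\xc3</InitialValue></AuthenticateResponse>"}
    for _ in range(3)
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_RECORDS).items():
        print(ip, "->", "; ".join(reasons))
```

A hit on the request side alone is enough to escalate: the bare login field has no legitimate client that produces it, whereas the response-side check depends on having the response body captured and can be noisy for non-ASCII usernames.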
CISA recommendation: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Source: this report was generated by AI.