CVE-2025-5777

NetScaler ADC and Gateway vulnerability analysis and mitigation — HIGH (CVSS 7.5)

High Profile Threat

Overview

NetScaler contains a buffer overread vulnerability caused by insufficient input validation when configured as a Gateway or AAA (Authentication, Authorization, Accounting) virtual server. An attacker with network access can trigger a memory overread condition, potentially leading to information disclosure. The vulnerability was disclosed on June 17, 2025. CISA has identified CVE-2025-5777 as actively exploited, and it is known to be used in ransomware campaigns.

Technical details

The vulnerability exists in NetScaler's input handling mechanism when processing requests on Gateway or AAA virtual servers. Due to insufficient input validation, an attacker can craft a specially-designed network packet that causes the application to read beyond the bounds of allocated memory. This buffer overread allows an attacker to access sensitive data that may be stored in adjacent memory regions.

The vulnerability is classified as CWE-126 (Buffer Over-read) and CWE-20 (Improper Input Validation).

The vulnerability has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: network-reachable, low attack complexity, no privileges or user interaction required, with high confidentiality impact and no integrity or availability impact.

Impact

An attacker can read sensitive data from memory adjacent to the overread buffer. This could include session tokens, authentication credentials, configuration data, or other sensitive information residing in the NetScaler process memory. While the vulnerability does not directly allow code execution or availability disruption, the information disclosure could be leveraged for further attacks such as session hijacking or privilege escalation.

Mitigation and workarounds

Apply the applicable security patch for your NetScaler ADC version. Citrix recommends prioritizing updates for systems configured as Gateway or AAA virtual servers. Updates can be obtained from the Citrix Download portal or via automatic update mechanisms if configured. The following versions include the necessary fixes: NetScaler ADC 13.1-63.18 and later, NetScaler ADC 14.1-17.14 and later, NetScaler ADC 15.1-32.35 and later, NetScaler ADC 15.2-40.15 and later, NetScaler ADC 15.3-12.18 and later, NetScaler ADC 15.4-12.11 and later.
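To turn the fixed-version list above into an inventory check, here is an added example (not Citrix tooling or code from this advisory). It assumes the "release-build.minor" version format used in the list (e.g. 13.1-63.18) and compares each host's version against the fixed build for its release train; a train the advisory does not list is flagged for review rather than assumed safe.

```python
import re
from typing import Dict, Tuple

# Fixed builds exactly as listed in this advisory. Assumption: "X.Y-A.B" is
# release X.Y, build A, minor B, compared numerically within a release train.
FIXED_BUILDS: Dict[str, Tuple[int, int]] = {
    "13.1": (63, 18),
    "14.1": (17, 14),
    "15.1": (32, 35),
    "15.2": (40, 15),
    "15.3": (12, 18),
    "15.4": (12, 11),
}

_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[str, int, int]:
    """Split 'release-build.minor' (e.g. '13.1-63.18') into its parts."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))


def patch_status(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-release' for one version.

    A release train absent from the advisory's list is reported as
    'unknown-release' so it gets manual review instead of a silent pass.
    """
    release, build, minor = parse_version(version)
    fixed = FIXED_BUILDS.get(release)
    if fixed is None:
        return "unknown-release"
    return "patched" if (build, minor) >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host in a {host: version} inventory to its patch status."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real hosts.
    sample = {"gw-01": "13.1-58.32", "gw-02": "14.1-17.14",
              "adc-03": "15.1-40.2", "legacy-04": "12.1-55.0"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as vulnerable that serve a Gateway or AAA virtual server are the ones to update first, per the prioritisation above.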

As temporary workarounds, if immediate patching is not possible: disable AAA or Gateway virtual servers that are not actively in use; implement network-level access controls that restrict access to Gateway and AAA virtual servers to trusted networks only, using firewall rules or network segmentation; and monitor NetScaler logs for unusual connection patterns or malformed requests targeting Gateway/AAA services.

CISA's recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional resources

Source: This report was generated using AI

Related NetScaler Vulnerabilities

No related vulnerabilities found with identified affected products.