CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-5777

CVSS 9.3v4.0pub. 2025-06-17upd. 2025-10-30

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Citrix Netscaler Application Delivery Controller

    APP
    Citrix
    12.1 – 12.1-55.328 (bez)13.1 – 13.1-37.235 (bez)13.1 – 13.1-58.32 (bez)14.1 – 14.1-43.56 (bez)
  • Citrix Netscaler Gateway

    APP
    Citrix
    13.1 – 13.1-58.32 (bez)14.1 – 14.1-43.56 (bez)

CISA KEV — detailsi

Vendori
Citrix
Producti
NetScaler ADC and Gateway
Added to KEVi
July 10, 2025
Remediation deadline (US Federal)i
July 11, 2025(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 11 lipca 2025
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2026-3055CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Citrix NetScaler ADC/Gateway — memory overread przez SAML IDP

CVE-2025-7775CRITICAL9.2⚠ KEVPL ✓ten sam produkt

Przepełnienie pamięci w Citrix NetScaler ADC i Gateway — RCE/DoS

CVE-2025-6543CRITICAL9.2⚠ KEVPL ✓ten sam produkt

Przepełnienie pamięci w Citrix NetScaler ADC i Gateway – RCE/DoS przez VPN

CVE-2023-4966CRITICAL9.4⚠ KEVten sam produkt

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virt...

CVE-2023-3519CRITICAL9.8⚠ KEVten sam produkt

Unauthenticated remote code execution