CVE-2025-5777 — Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability

2025-07-10 • CISA Known Exploited Vulnerability

[event] Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.

> AFFECTED SOFTWARE

Field	Value
Vendor	Citrix
Product	NetScaler ADC and Gateway
CWE	CWE-125
CVE ID	CVE-2025-5777
Date Added	2025-07-10
Due Date	2025-07-11
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-07-11

> REFERENCES

[1] https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-5777