cvelistv5 - CVE-2025-5777

CVE-2025-5777 (GCVE-0-2025-5777)

Vulnerability from cvelistv5

Published

2025-06-17 12:29

Modified

2025-10-21 22:45

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CWE

CWE-125 - Out-of-bounds Read

Summary

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Assigner

Citrix

References

URL

Tags

secure@citrix.com	https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://citrixbleed.com	Third Party Advisory, Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/	Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/	Press/Media Coverage
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777	US Government Resource

Impacted products

Vendor

Product

Version

NetScaler

ADC

Affected: 14.1 , < 43.56 (patch)
Affected: 13.1 , < 58.32 (patch)

NetScaler

Gateway

Affected: 14.1 , < 43.56 (patch)
Affected: 13.1 , < 58.32 (patch)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2025-07-10

Due date: 2025-07-11

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5777",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T03:55:31.757062Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-07-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-457",
                "description": "CWE-457 Use of Uninitialized Variable",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:45:24.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "technical-description",
              "signature"
            ],
            "url": "https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71"
          },
          {
            "tags": [
              "media-coverage"
            ],
            "url": "https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-07-10T00:00:00+00:00",
            "value": "CVE-2025-5777 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-08-13T18:49:26.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/"
          },
          {
            "url": "https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/"
          },
          {
            "url": "https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/"
          },
          {
            "url": "https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/"
          },
          {
            "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
          },
          {
            "url": "https://citrixbleed.com"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ADC",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "43.56",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "58.32",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gateway",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "43.56",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "58.32",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2025-06-17T12:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficient input validation leading to memory overread when the\u003c/span\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\u003c/span\u003e"
            }
          ],
          "value": "Insufficient input validation leading to memory overread when the\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-24T00:57:12.458Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2025-5777",
    "datePublished": "2025-06-17T12:29:34.506Z",
    "dateReserved": "2025-06-06T06:14:02.358Z",
    "dateUpdated": "2025-10-21T22:45:24.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-5777",
      "cwes": "[\"CWE-125\"]",
      "dateAdded": "2025-07-10",
      "dueDate": "2025-07-11",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777",
      "product": "NetScaler ADC and Gateway",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.",
      "vendorProject": "Citrix",
      "vulnerabilityName": "Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-5777\",\"sourceIdentifier\":\"secure@citrix.com\",\"published\":\"2025-06-17T13:15:21.523\",\"lastModified\":\"2025-10-30T20:10:26.470\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient input validation leading to memory overread when the\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\"},{\"lang\":\"es\",\"value\":\"Validaci\u00f3n de entrada insuficiente que provoca una sobrelectura de memoria en la interfaz de administraci\u00f3n de NetScaler, NetScaler ADC y NetScaler Gateway\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2025-07-10\",\"cisaActionDue\":\"2025-07-11\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability\",\"weaknesses\":[{\"source\":\"secure@citrix.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-908\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-457\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"12.1\",\"versionEndExcluding\":\"12.1-55.328\",\"matchCriteriaId\":\"D907BEC2-6930-4989-A6E1-847B4763BB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-37.235\",\"matchCriteriaId\":\"7AF5A6EE-84A9-42AA-BC4B-7C3367D08CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-37.235\",\"matchCriteriaId\":\"E219F46B-FCBE-4DA2-9094-6ED128E8AF66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-58.32\",\"matchCriteriaId\":\"48A64F62-2A5A-40CB-A507-A48497BD749A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-43.56\",\"matchCriteriaId\":\"6484AA47-81F8-4EE6-9F33-96DEFE2F66E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"13.1-58.32\",\"matchCriteriaId\":\"2C86D66F-888F-4519-B700-9ADC4EE6913C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1\",\"versionEndExcluding\":\"14.1-43.56\",\"matchCriteriaId\":\"D4E61FAA-9EAB-4F9B-887F-C5DC0DA0C633\"}]}]}],\"references\":[{\"url\":\"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420\",\"source\":\"secure@citrix.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://citrixbleed.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Broken Link\"]},{\"url\":\"https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/\"}, {\"url\": \"https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/\"}, {\"url\": \"https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/\"}, {\"url\": \"https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/\"}, {\"url\": \"https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/\"}, {\"url\": \"https://citrixbleed.com\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-08-13T18:49:26.791Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5777\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-17T03:55:31.757062Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-07-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-07-10T00:00:00+00:00\", \"value\": \"CVE-2025-5777 added to CISA KEV\"}], \"references\": [{\"url\": \"https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71\", \"tags\": [\"third-party-advisory\", \"technical-description\", \"signature\"]}, {\"url\": \"https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/\", \"tags\": [\"media-coverage\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-457\", \"description\": \"CWE-457 Use of Uninitialized Variable\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T13:57:47.854Z\"}}], \"cna\": {\"title\": \"NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NetScaler\", \"product\": \"ADC\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"43.56\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"58.32\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NetScaler\", \"product\": \"Gateway\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"43.56\", \"versionType\": \"patch\"}, {\"status\": \"affected\", \"version\": \"13.1\", \"lessThan\": \"58.32\", \"versionType\": \"patch\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-06-17T12:25:00.000Z\", \"references\": [{\"url\": \"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient input validation leading to memory overread when the\\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eInsufficient input validation leading to memory overread when the\u003c/span\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"shortName\": \"Citrix\", \"dateUpdated\": \"2025-06-24T00:57:12.458Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-5777\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:45:24.347Z\", \"dateReserved\": \"2025-06-06T06:14:02.358Z\", \"assignerOrgId\": \"e437aed5-38e0-4fa3-a98b-cb73e7acaec6\", \"datePublished\": \"2025-06-17T12:29:34.506Z\", \"assignerShortName\": \"Citrix\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-ALE-009

Vulnerability from certfr_alerte

[Mise à jour du 17 juillet 2025]

L'éditeur a publié un lien contenant une méthode d'évaluation permettant d'identifier des tentatives d'exploitation dans les journaux applicatifs et systèmes [12].

[Mise à jour du 7 juillet 2025]

Le 17 juin 2025, Citrix a publié un bulletin de sécurité concernant notamment la vulnérabilité CVE-2025-5777 [11]. Celle-ci permet à un attaquant non authentifié de faire fuiter des portions aléatoires de la mémoire de NetScaler ADC et NetScaler Gateway et ainsi potentiellement récupérer les informations de connexion d'une session active.

Le 4 juillet 2025, une preuve de concept a été publiée publiquement. Celle-ci est triviale à utiliser et le CERT-FR constate des exploitations actives.
La vulnérabilité CVE-2025-5777 est exploitable par le biais du formulaire d'authentification.

Citrix recommande l'arrêt de toutes les sessions ICA et PCoIP actives après l'installation du correctif. Le CERT-FR recommande d'aller plus loin avec l'inspection des sessions actives fraîchement renouvelées en ciblant en priorité celles qui proviennent de plusieurs adresses IP.
De plus, si le correctif pour la vulnérabilité CVE-2025-5777 a été installé après la publication de la preuve de concept, le CERT-FR recommande également le renouvellement des mots de passe des utilisateurs.

Les vulnérabilités CVE-2025-6543 et CVE-2025-5777 étant activement exploitées, tout Netscaler exposé qui n'aurait pas reçu les correctifs pour ces deux vulnérabilités doit être considéré comme compromis.

[Publication initiale]

Le 25 juin 2025, Citrix a publié un avis de sécurité concernant la vulnérabilité CVE-2025-6543 affectant NetScaler ADC et NetScaler Gateway. L'éditeur lui a attribué un score CVSS v4.0 de 9,2 et indique qu'elle permet à un attaquant de provoquer un débordement de mémoire entrainant un flux de contrôle imprévu et un déni de service à distance. L'équipement est vulnérable s'il est configuré en tant que passerelle (Gateway : VPN virtual server, ICA Proxy, CVPN, RDP Proxy) ou en tant que serveur virtuel AAA (AAA virtual server).

Citrix indique que les produits NetScaler ADC et NetScaler Gateway en version 12.1 et 13.0 sont en fin de vie. L'éditeur recommande aux utilisateurs de migrer vers une version supportée et à jour.

Citrix déclare avoir connaissance d'exploitations actives de cette vulnérabilité.

L'obtention des marqueurs de compromission se fait via la page d’assistance de Citrix [1][2]. NetScaler préconise en particulier de rechercher des arrêts inopinés [2].

En cas de suspicion de compromission, l'éditeur recommande [3] : * si le NetScaler est une instance virtuelle VPX : * réaliser un instantané du système de fichier et de la mémoire vive ; * documenter l'heure du système, les paramètres du fuseau horaire et la configuration NTP avant l'isolation ; * si possible, éviter d'éteindre la machine afin de conserver les traces nécessaires aux investigations ; * générer un fichier de support sur ADC [4] ; * générer un Core Dump NSPPE sur NetScaler [5] ; * si le NetScaler est un équipement MPX ou SDX, récupérer une image du disque ; * isoler totalement la machine concernée du réseau, vis-à-vis d'Internet comme du réseau interne, afin de limiter les risques de nouvel accès non autorisé et de latéralisation ; * révoquer des informations d'identification et d'accès : * changer les mots de passe et secrets des comptes de service stockés sur le NetScaler tel que les comptes de service LDAP, les secrets partagés RADIUS, les jetons OAuth, les clés API, les noms de communauté SNMP ; * modifier les comptes utilisateurs susceptibles d'avoir été authentifiés via la plateforme suspectée d'être compromise, y compris les serveurs virtuels Gateway ou AAA ; * révoquer les certificats et les clés privées associées stockées sur la plateforme suspectée d'être compromise ; * examiner tous les serveurs et systèmes auxquels l'ADC NetScaler s'est connecté pour détecter tout signe de compromission ; * si le NetScaler est un équipement MPX, se référer au guide pour effacer et réinstaller le MPX [6] ; * si le NetScaler est un équipement SDX ou une instance virtuelle VPX, se référer au guide pour effacer et réinstaller le SDX ou le VPX [7] ; * mettre à jour le NetScaler ADC vers la dernière version disponible du micrologiciel (firmware) avant de restaurer la sauvegarde de la configuration ; * restaurer une sauvegarde saine à l'aide de la console NetScaler, se référer au guide pour obtenir des instructions détaillées [8] ; * modifier tous les mots de passe des comptes locaux sur le NetScaler ADC ; * renouveler les clés de chiffrement (Key Encryption Keys) ; * supprimer tous les certificats SSL restaurés ; * remplacer tous les certificats SSL restaurés ; * pour renforcer le NetScaler ADC, se référer au guide pour obtenir les meilleures pratiques de sécurité pour NetScaler MPX, VPX et SDX [9].

En cas de compromission, signaler l’événement auprès du CERT-FR en mettant en copie vos éventuels CSIRTs métier et consulter les bons réflexes en cas d'intrusion sur un système d'information [10].

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). L'obtention des correctifs 13.1-FIPS et 13.1-NDcPP s'effectue via la page d’assistance de Citrix [1].

Les déploiements de Secure Private Access on-prem et Secure Private Access Hybrid utilisant des instances NetScaler sont également affectés par cette vulnérabilité.

Impacted products

Vendor	Product	Description
Citrix	NetScaler Gateway	NetScaler Gateway versions 14.1.x antérieures à 14.1-47.46
Citrix	NetScaler Gateway	NetScaler Gateway versions 13.1.x antérieures à 13.1-59.19
Citrix	NetScaler ADC	NetScaler ADC versions 14.1.x antérieures à 14.1-47.46
Citrix	NetScaler ADC	NetScaler ADC versions 13.1.x antérieures à 13.1-59.19
Citrix	NetScaler ADC	NetScaler ADC versions 13.1-FIPS et NDcPP versions antérieures à 13.1-37.236-FIPS et NDcPP

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX694788	2025-06-25	vendor-advisory
[12] Évaluation des journaux NetScaler pour identifier des tentatives d'exploitation	-	other
Documentation mise à jour d'un équipement NetScaler 14.1	-	other
Avis CERT-FR CERTFR-2025-AVI-0528 du 20 juin 2025	-	other
[4] Comment générer un fichier de support sur ADC	-	other
Documentation mise à jour d'un équipement NetScaler 13.1	-	other
[1] Assistance de Citrix	-	other
[7] À propos de NetScaler VPX	-	other
[8] Sauvegarde et restauration des instances NetScaler	-	other
[6] Guide effacement des données de votre NetScaler MPX	-	other
[2] Lettre d’information de NetScaler : mises à jour de sécurité critique de NetScaler pour les vulnérabilités CVE-2025-6543 et CVE-2025-5777	-	other
Avis CERT-FR CERTFR-2025-AVI-0540 du 26 juin 2025	-	other
[3] Mesures à prendre en cas de suspicion de compromission de NetScaler ADC	-	other
[10] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
[5] Comment générer un Core Dump NSPPE sur NetScaler	-	other
[11] Bulletin de sécurité Citrix CTX693420 du 17 juin 2025	-	other
[9] Meilleures pratiques de sécurité pour NetScaler MPX, VPX et SDX	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1-FIPS et NDcPP  versions ant\u00e9rieures \u00e0 13.1-37.236-FIPS et NDcPP",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les d\u00e9ploiements de Secure Private Access on-prem et Secure Private Access Hybrid utilisant des instances NetScaler sont \u00e9galement affect\u00e9s par cette vuln\u00e9rabilit\u00e9.",
  "closed_at": "2025-08-18",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\nL\u0027obtention des correctifs 13.1-FIPS et 13.1-NDcPP s\u0027effectue via la page d\u2019assistance de Citrix [1].",
  "cves": [
    {
      "name": "CVE-2025-6543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"
    },
    {
      "name": "CVE-2025-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"
    }
  ],
  "links": [
    {
      "title": "[12] \u00c9valuation des journaux NetScaler pour identifier des tentatives d\u0027exploitation",
      "url": "https://www.netscaler.com/blog/news/evaluating-netscaler-logs-for-indicators-of-attempted-exploitation-of-cve-2025-5777/"
    },
    {
      "title": "Documentation mise \u00e0 jour d\u0027un \u00e9quipement NetScaler 14.1",
      "url": "https://docs.netscaler.com/en-us/citrix-adc/14-1/upgrade-downgrade-citrix-adc-appliance.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0528 du 20 juin 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0528/"
    },
    {
      "title": "[4] Comment g\u00e9n\u00e9rer un fichier de support sur ADC",
      "url": "https://support.citrix.com/external/article/472859/how-to-generate-a-support-file-for-adc.html"
    },
    {
      "title": "Documentation mise \u00e0 jour d\u0027un \u00e9quipement NetScaler 13.1",
      "url": "https://docs.netscaler.com/en-us/citrix-adc/13-1/upgrade-downgrade-citrix-adc-appliance.html"
    },
    {
      "title": "[1] Assistance de Citrix",
      "url": "https://support.citrix.com/support-home/home"
    },
    {
      "title": "[7] \u00c0 propos de NetScaler VPX",
      "url": "https://docs.netscaler.com/en-us/vpx/current-release.html"
    },
    {
      "title": "[8] Sauvegarde et restauration des instances NetScaler",
      "url": "https://docs.netscaler.com/en-us/netscaler-application-delivery-management-software/current-release/networks/instance-management/backup-restore-netscaler-instances.html"
    },
    {
      "title": "[6]  Guide effacement des donn\u00e9es de votre NetScaler MPX",
      "url": "https://docs.netscaler.com/en-us/netscaler-hardware-platforms/mpx/wiping-your-data-before-sending-your-adc-appliance-to-netscaler"
    },
    {
      "title": "[2] Lettre d\u2019information de NetScaler : mises \u00e0 jour de s\u00e9curit\u00e9 critique de NetScaler pour les vuln\u00e9rabilit\u00e9s CVE-2025-6543 et CVE-2025-5777",
      "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0540 du 26 juin 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0540/"
    },
    {
      "title": "[3] Mesures \u00e0 prendre en cas de suspicion de compromission de NetScaler ADC",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694799"
    },
    {
      "title": "[10] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "[5] Comment g\u00e9n\u00e9rer un Core Dump NSPPE sur NetScaler",
      "url": "https://support.citrix.com/external/article?articleUrl=CTX207598-how-to-generate-nsppe-core-dump-on-netscaler"
    },
    {
      "title": "[11] Bulletin de s\u00e9curit\u00e9 Citrix CTX693420 du 17 juin 2025",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
    },
    {
      "title": "[9] Meilleures pratiques de s\u00e9curit\u00e9 pour NetScaler MPX, VPX et SDX",
      "url": "https://docs.netscaler.com/en-us/netscaler-adc-secure-deployment.html"
    }
  ],
  "reference": "CERTFR-2025-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-01T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-5777.",
      "revision_date": "2025-07-07T00:00:00.000000"
    },
    {
      "description": "    Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-08-18T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un lien contenant une m\u00e9thode d\u0027\u00e9valuation pour identifier des tentatives d\u0027exploitation",
      "revision_date": "2025-07-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 17 juillet 2025]\u003c/span\u003e**\n\nL\u0027\u00e9diteur a publi\u00e9 un lien contenant une m\u00e9thode d\u0027\u00e9valuation permettant d\u0027identifier des tentatives d\u0027exploitation dans les journaux applicatifs et syst\u00e8mes [12].\n\n**[Mise \u00e0 jour du 7 juillet 2025]**\n\nLe 17 juin 2025, Citrix a publi\u00e9 un bulletin de s\u00e9curit\u00e9 concernant notamment la vuln\u00e9rabilit\u00e9 CVE-2025-5777 [11]. Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 de faire fuiter des portions al\u00e9atoires de la m\u00e9moire de NetScaler ADC et NetScaler Gateway et ainsi potentiellement r\u00e9cup\u00e9rer les informations de connexion d\u0027une session active.\n\nLe 4 juillet 2025, une preuve de concept a \u00e9t\u00e9 publi\u00e9e publiquement. Celle-ci est triviale \u00e0 utiliser et le CERT-FR constate des exploitations actives. \u003cbr /\u003e\nLa vuln\u00e9rabilit\u00e9 CVE-2025-5777 est exploitable par le biais du formulaire d\u0027authentification.\n\nCitrix recommande l\u0027arr\u00eat de toutes les sessions ICA et PCoIP actives apr\u00e8s l\u0027installation du correctif. Le CERT-FR recommande d\u0027aller plus loin avec l\u0027inspection des sessions actives fra\u00eechement renouvel\u00e9es en ciblant en priorit\u00e9 celles qui proviennent de plusieurs adresses IP. \u003cbr /\u003e\nDe plus, si le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-5777 a \u00e9t\u00e9 install\u00e9 apr\u00e8s la publication de la preuve de concept, le CERT-FR recommande \u00e9galement le renouvellement des mots de passe des utilisateurs.\n\nLes vuln\u00e9rabilit\u00e9s CVE-2025-6543 et CVE-2025-5777 \u00e9tant activement exploit\u00e9es, tout Netscaler expos\u00e9 qui n\u0027aurait pas re\u00e7u les correctifs pour ces deux vuln\u00e9rabilit\u00e9s doit \u00eatre consid\u00e9r\u00e9 comme compromis.\n\n**[Publication initiale]**\n\nLe 25 juin 2025, Citrix a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-6543 affectant NetScaler ADC et NetScaler Gateway. L\u0027\u00e9diteur lui a attribu\u00e9 un score CVSS v4.0 de 9,2 et indique qu\u0027elle permet \u00e0 un attaquant de provoquer un d\u00e9bordement de m\u00e9moire entrainant un flux de contr\u00f4le impr\u00e9vu et un d\u00e9ni de service \u00e0 distance. L\u0027\u00e9quipement est vuln\u00e9rable s\u0027il est configur\u00e9 en tant que passerelle (*Gateway : VPN virtual server, ICA Proxy, CVPN, RDP Proxy*) ou en tant que serveur virtuel AAA (*AAA\u202fvirtual\u202fserver*).\n\nCitrix indique que les produits NetScaler ADC et NetScaler Gateway en version 12.1 et 13.0 sont en fin de vie. L\u0027\u00e9diteur recommande aux utilisateurs de migrer vers une version support\u00e9e et \u00e0 jour.\n\nCitrix d\u00e9clare avoir connaissance d\u0027exploitations actives de cette vuln\u00e9rabilit\u00e9.\n\nL\u0027obtention des marqueurs de compromission se fait via la page d\u2019assistance de Citrix [1][2]. NetScaler pr\u00e9conise en particulier de rechercher des arr\u00eats inopin\u00e9s [2]. \n\nEn cas de suspicion de compromission, l\u0027\u00e9diteur recommande [3] :\n* si le NetScaler est une instance virtuelle VPX :\n    * r\u00e9aliser un instantan\u00e9 du syst\u00e8me de fichier et de la m\u00e9moire vive ;\n    * documenter l\u0027heure du syst\u00e8me, les param\u00e8tres du fuseau horaire et la configuration NTP avant l\u0027isolation ;\n* si possible, \u00e9viter d\u0027\u00e9teindre la machine afin de conserver les traces n\u00e9cessaires aux investigations ;\n* g\u00e9n\u00e9rer un fichier de support sur ADC [4] ;\n* g\u00e9n\u00e9rer un Core Dump NSPPE sur NetScaler [5] ;\n*  si le NetScaler est un  \u00e9quipement MPX ou SDX, r\u00e9cup\u00e9rer une image du disque ;\n* isoler totalement la machine concern\u00e9e du r\u00e9seau, vis-\u00e0-vis d\u0027Internet comme du r\u00e9seau interne, afin de limiter les risques de nouvel acc\u00e8s non autoris\u00e9 et de lat\u00e9ralisation ;\n* r\u00e9voquer des informations d\u0027identification et d\u0027acc\u00e8s :\n    * changer les mots de passe et secrets des comptes de service stock\u00e9s sur le NetScaler tel que les comptes de service LDAP, les secrets partag\u00e9s RADIUS, les jetons OAuth, les cl\u00e9s API, les noms de communaut\u00e9 SNMP ;\n    * modifier les comptes utilisateurs susceptibles d\u0027avoir \u00e9t\u00e9 authentifi\u00e9s via la plateforme suspect\u00e9e d\u0027\u00eatre compromise, y compris les serveurs virtuels Gateway ou AAA ;\n    * r\u00e9voquer les certificats et les cl\u00e9s priv\u00e9es associ\u00e9es stock\u00e9es sur la plateforme suspect\u00e9e d\u0027\u00eatre compromise ;\n* examiner tous les serveurs et syst\u00e8mes auxquels l\u0027ADC NetScaler s\u0027est connect\u00e9 pour d\u00e9tecter tout signe de compromission ;\n* si le NetScaler est un \u00e9quipement MPX, se r\u00e9f\u00e9rer au guide pour effacer et r\u00e9installer le MPX [6] ;\n* si le NetScaler est un \u00e9quipement SDX ou une instance virtuelle VPX, se r\u00e9f\u00e9rer au guide pour effacer et r\u00e9installer le SDX ou le VPX [7] ;\n* mettre \u00e0 jour le NetScaler ADC vers la derni\u00e8re version disponible du micrologiciel (*firmware*) avant de restaurer la sauvegarde de la configuration ;\n* restaurer une sauvegarde saine \u00e0 l\u0027aide de la console NetScaler, se r\u00e9f\u00e9rer au guide pour obtenir des instructions d\u00e9taill\u00e9es [8] ;\n* modifier tous les mots de passe des comptes locaux sur le NetScaler ADC ;\n* renouveler les cl\u00e9s de chiffrement (*Key Encryption Keys*) ;\n* supprimer tous les certificats SSL restaur\u00e9s ; \n* remplacer tous les certificats SSL restaur\u00e9s ; \n* pour renforcer le NetScaler ADC, se r\u00e9f\u00e9rer au guide pour obtenir les meilleures pratiques de s\u00e9curit\u00e9 pour NetScaler MPX, VPX et SDX [9].\n\nEn cas de compromission, signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier et consulter les bons r\u00e9flexes en cas d\u0027intrusion sur un syst\u00e8me d\u0027information [10].",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694788",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788\u0026articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_6543"
    }
  ]
}

CERTFR-2025-ALE-009

Vulnerability from certfr_alerte

[Mise à jour du 17 juillet 2025]

L'éditeur a publié un lien contenant une méthode d'évaluation permettant d'identifier des tentatives d'exploitation dans les journaux applicatifs et systèmes [12].

[Mise à jour du 7 juillet 2025]

[Publication initiale]

Citrix indique que les produits NetScaler ADC et NetScaler Gateway en version 12.1 et 13.0 sont en fin de vie. L'éditeur recommande aux utilisateurs de migrer vers une version supportée et à jour.

Citrix déclare avoir connaissance d'exploitations actives de cette vulnérabilité.

L'obtention des marqueurs de compromission se fait via la page d’assistance de Citrix [1][2]. NetScaler préconise en particulier de rechercher des arrêts inopinés [2].

Solutions

Les déploiements de Secure Private Access on-prem et Secure Private Access Hybrid utilisant des instances NetScaler sont également affectés par cette vulnérabilité.

Impacted products

Vendor	Product	Description
Citrix	NetScaler Gateway	NetScaler Gateway versions 14.1.x antérieures à 14.1-47.46
Citrix	NetScaler Gateway	NetScaler Gateway versions 13.1.x antérieures à 13.1-59.19
Citrix	NetScaler ADC	NetScaler ADC versions 14.1.x antérieures à 14.1-47.46
Citrix	NetScaler ADC	NetScaler ADC versions 13.1.x antérieures à 13.1-59.19
Citrix	NetScaler ADC	NetScaler ADC versions 13.1-FIPS et NDcPP versions antérieures à 13.1-37.236-FIPS et NDcPP

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX694788	2025-06-25	vendor-advisory
[12] Évaluation des journaux NetScaler pour identifier des tentatives d'exploitation	-	other
Documentation mise à jour d'un équipement NetScaler 14.1	-	other
Avis CERT-FR CERTFR-2025-AVI-0528 du 20 juin 2025	-	other
[4] Comment générer un fichier de support sur ADC	-	other
Documentation mise à jour d'un équipement NetScaler 13.1	-	other
[1] Assistance de Citrix	-	other
[7] À propos de NetScaler VPX	-	other
[8] Sauvegarde et restauration des instances NetScaler	-	other
[6] Guide effacement des données de votre NetScaler MPX	-	other
[2] Lettre d’information de NetScaler : mises à jour de sécurité critique de NetScaler pour les vulnérabilités CVE-2025-6543 et CVE-2025-5777	-	other
Avis CERT-FR CERTFR-2025-AVI-0540 du 26 juin 2025	-	other
[3] Mesures à prendre en cas de suspicion de compromission de NetScaler ADC	-	other
[10] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
[5] Comment générer un Core Dump NSPPE sur NetScaler	-	other
[11] Bulletin de sécurité Citrix CTX693420 du 17 juin 2025	-	other
[9] Meilleures pratiques de sécurité pour NetScaler MPX, VPX et SDX	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-47.46",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-59.19",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1-FIPS et NDcPP  versions ant\u00e9rieures \u00e0 13.1-37.236-FIPS et NDcPP",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Les d\u00e9ploiements de Secure Private Access on-prem et Secure Private Access Hybrid utilisant des instances NetScaler sont \u00e9galement affect\u00e9s par cette vuln\u00e9rabilit\u00e9.",
  "closed_at": "2025-08-18",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).\nL\u0027obtention des correctifs 13.1-FIPS et 13.1-NDcPP s\u0027effectue via la page d\u2019assistance de Citrix [1].",
  "cves": [
    {
      "name": "CVE-2025-6543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6543"
    },
    {
      "name": "CVE-2025-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"
    }
  ],
  "links": [
    {
      "title": "[12] \u00c9valuation des journaux NetScaler pour identifier des tentatives d\u0027exploitation",
      "url": "https://www.netscaler.com/blog/news/evaluating-netscaler-logs-for-indicators-of-attempted-exploitation-of-cve-2025-5777/"
    },
    {
      "title": "Documentation mise \u00e0 jour d\u0027un \u00e9quipement NetScaler 14.1",
      "url": "https://docs.netscaler.com/en-us/citrix-adc/14-1/upgrade-downgrade-citrix-adc-appliance.html"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0528 du 20 juin 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0528/"
    },
    {
      "title": "[4] Comment g\u00e9n\u00e9rer un fichier de support sur ADC",
      "url": "https://support.citrix.com/external/article/472859/how-to-generate-a-support-file-for-adc.html"
    },
    {
      "title": "Documentation mise \u00e0 jour d\u0027un \u00e9quipement NetScaler 13.1",
      "url": "https://docs.netscaler.com/en-us/citrix-adc/13-1/upgrade-downgrade-citrix-adc-appliance.html"
    },
    {
      "title": "[1] Assistance de Citrix",
      "url": "https://support.citrix.com/support-home/home"
    },
    {
      "title": "[7] \u00c0 propos de NetScaler VPX",
      "url": "https://docs.netscaler.com/en-us/vpx/current-release.html"
    },
    {
      "title": "[8] Sauvegarde et restauration des instances NetScaler",
      "url": "https://docs.netscaler.com/en-us/netscaler-application-delivery-management-software/current-release/networks/instance-management/backup-restore-netscaler-instances.html"
    },
    {
      "title": "[6]  Guide effacement des donn\u00e9es de votre NetScaler MPX",
      "url": "https://docs.netscaler.com/en-us/netscaler-hardware-platforms/mpx/wiping-your-data-before-sending-your-adc-appliance-to-netscaler"
    },
    {
      "title": "[2] Lettre d\u2019information de NetScaler : mises \u00e0 jour de s\u00e9curit\u00e9 critique de NetScaler pour les vuln\u00e9rabilit\u00e9s CVE-2025-6543 et CVE-2025-5777",
      "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2025-AVI-0540 du 26 juin 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0540/"
    },
    {
      "title": "[3] Mesures \u00e0 prendre en cas de suspicion de compromission de NetScaler ADC",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694799"
    },
    {
      "title": "[10] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "[5] Comment g\u00e9n\u00e9rer un Core Dump NSPPE sur NetScaler",
      "url": "https://support.citrix.com/external/article?articleUrl=CTX207598-how-to-generate-nsppe-core-dump-on-netscaler"
    },
    {
      "title": "[11] Bulletin de s\u00e9curit\u00e9 Citrix CTX693420 du 17 juin 2025",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
    },
    {
      "title": "[9] Meilleures pratiques de s\u00e9curit\u00e9 pour NetScaler MPX, VPX et SDX",
      "url": "https://docs.netscaler.com/en-us/netscaler-adc-secure-deployment.html"
    }
  ],
  "reference": "CERTFR-2025-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-01T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-5777.",
      "revision_date": "2025-07-07T00:00:00.000000"
    },
    {
      "description": "    Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-08-18T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un lien contenant une m\u00e9thode d\u0027\u00e9valuation pour identifier des tentatives d\u0027exploitation",
      "revision_date": "2025-07-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 17 juillet 2025]\u003c/span\u003e**\n\nL\u0027\u00e9diteur a publi\u00e9 un lien contenant une m\u00e9thode d\u0027\u00e9valuation permettant d\u0027identifier des tentatives d\u0027exploitation dans les journaux applicatifs et syst\u00e8mes [12].\n\n**[Mise \u00e0 jour du 7 juillet 2025]**\n\nLe 17 juin 2025, Citrix a publi\u00e9 un bulletin de s\u00e9curit\u00e9 concernant notamment la vuln\u00e9rabilit\u00e9 CVE-2025-5777 [11]. Celle-ci permet \u00e0 un attaquant non authentifi\u00e9 de faire fuiter des portions al\u00e9atoires de la m\u00e9moire de NetScaler ADC et NetScaler Gateway et ainsi potentiellement r\u00e9cup\u00e9rer les informations de connexion d\u0027une session active.\n\nLe 4 juillet 2025, une preuve de concept a \u00e9t\u00e9 publi\u00e9e publiquement. Celle-ci est triviale \u00e0 utiliser et le CERT-FR constate des exploitations actives. \u003cbr /\u003e\nLa vuln\u00e9rabilit\u00e9 CVE-2025-5777 est exploitable par le biais du formulaire d\u0027authentification.\n\nCitrix recommande l\u0027arr\u00eat de toutes les sessions ICA et PCoIP actives apr\u00e8s l\u0027installation du correctif. Le CERT-FR recommande d\u0027aller plus loin avec l\u0027inspection des sessions actives fra\u00eechement renouvel\u00e9es en ciblant en priorit\u00e9 celles qui proviennent de plusieurs adresses IP. \u003cbr /\u003e\nDe plus, si le correctif pour la vuln\u00e9rabilit\u00e9 CVE-2025-5777 a \u00e9t\u00e9 install\u00e9 apr\u00e8s la publication de la preuve de concept, le CERT-FR recommande \u00e9galement le renouvellement des mots de passe des utilisateurs.\n\nLes vuln\u00e9rabilit\u00e9s CVE-2025-6543 et CVE-2025-5777 \u00e9tant activement exploit\u00e9es, tout Netscaler expos\u00e9 qui n\u0027aurait pas re\u00e7u les correctifs pour ces deux vuln\u00e9rabilit\u00e9s doit \u00eatre consid\u00e9r\u00e9 comme compromis.\n\n**[Publication initiale]**\n\nLe 25 juin 2025, Citrix a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant la vuln\u00e9rabilit\u00e9 CVE-2025-6543 affectant NetScaler ADC et NetScaler Gateway. L\u0027\u00e9diteur lui a attribu\u00e9 un score CVSS v4.0 de 9,2 et indique qu\u0027elle permet \u00e0 un attaquant de provoquer un d\u00e9bordement de m\u00e9moire entrainant un flux de contr\u00f4le impr\u00e9vu et un d\u00e9ni de service \u00e0 distance. L\u0027\u00e9quipement est vuln\u00e9rable s\u0027il est configur\u00e9 en tant que passerelle (*Gateway : VPN virtual server, ICA Proxy, CVPN, RDP Proxy*) ou en tant que serveur virtuel AAA (*AAA\u202fvirtual\u202fserver*).\n\nCitrix indique que les produits NetScaler ADC et NetScaler Gateway en version 12.1 et 13.0 sont en fin de vie. L\u0027\u00e9diteur recommande aux utilisateurs de migrer vers une version support\u00e9e et \u00e0 jour.\n\nCitrix d\u00e9clare avoir connaissance d\u0027exploitations actives de cette vuln\u00e9rabilit\u00e9.\n\nL\u0027obtention des marqueurs de compromission se fait via la page d\u2019assistance de Citrix [1][2]. NetScaler pr\u00e9conise en particulier de rechercher des arr\u00eats inopin\u00e9s [2]. \n\nEn cas de suspicion de compromission, l\u0027\u00e9diteur recommande [3] :\n* si le NetScaler est une instance virtuelle VPX :\n    * r\u00e9aliser un instantan\u00e9 du syst\u00e8me de fichier et de la m\u00e9moire vive ;\n    * documenter l\u0027heure du syst\u00e8me, les param\u00e8tres du fuseau horaire et la configuration NTP avant l\u0027isolation ;\n* si possible, \u00e9viter d\u0027\u00e9teindre la machine afin de conserver les traces n\u00e9cessaires aux investigations ;\n* g\u00e9n\u00e9rer un fichier de support sur ADC [4] ;\n* g\u00e9n\u00e9rer un Core Dump NSPPE sur NetScaler [5] ;\n*  si le NetScaler est un  \u00e9quipement MPX ou SDX, r\u00e9cup\u00e9rer une image du disque ;\n* isoler totalement la machine concern\u00e9e du r\u00e9seau, vis-\u00e0-vis d\u0027Internet comme du r\u00e9seau interne, afin de limiter les risques de nouvel acc\u00e8s non autoris\u00e9 et de lat\u00e9ralisation ;\n* r\u00e9voquer des informations d\u0027identification et d\u0027acc\u00e8s :\n    * changer les mots de passe et secrets des comptes de service stock\u00e9s sur le NetScaler tel que les comptes de service LDAP, les secrets partag\u00e9s RADIUS, les jetons OAuth, les cl\u00e9s API, les noms de communaut\u00e9 SNMP ;\n    * modifier les comptes utilisateurs susceptibles d\u0027avoir \u00e9t\u00e9 authentifi\u00e9s via la plateforme suspect\u00e9e d\u0027\u00eatre compromise, y compris les serveurs virtuels Gateway ou AAA ;\n    * r\u00e9voquer les certificats et les cl\u00e9s priv\u00e9es associ\u00e9es stock\u00e9es sur la plateforme suspect\u00e9e d\u0027\u00eatre compromise ;\n* examiner tous les serveurs et syst\u00e8mes auxquels l\u0027ADC NetScaler s\u0027est connect\u00e9 pour d\u00e9tecter tout signe de compromission ;\n* si le NetScaler est un \u00e9quipement MPX, se r\u00e9f\u00e9rer au guide pour effacer et r\u00e9installer le MPX [6] ;\n* si le NetScaler est un \u00e9quipement SDX ou une instance virtuelle VPX, se r\u00e9f\u00e9rer au guide pour effacer et r\u00e9installer le SDX ou le VPX [7] ;\n* mettre \u00e0 jour le NetScaler ADC vers la derni\u00e8re version disponible du micrologiciel (*firmware*) avant de restaurer la sauvegarde de la configuration ;\n* restaurer une sauvegarde saine \u00e0 l\u0027aide de la console NetScaler, se r\u00e9f\u00e9rer au guide pour obtenir des instructions d\u00e9taill\u00e9es [8] ;\n* modifier tous les mots de passe des comptes locaux sur le NetScaler ADC ;\n* renouveler les cl\u00e9s de chiffrement (*Key Encryption Keys*) ;\n* supprimer tous les certificats SSL restaur\u00e9s ; \n* remplacer tous les certificats SSL restaur\u00e9s ; \n* pour renforcer le NetScaler ADC, se r\u00e9f\u00e9rer au guide pour obtenir les meilleures pratiques de s\u00e9curit\u00e9 pour NetScaler MPX, VPX et SDX [9].\n\nEn cas de compromission, signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier et consulter les bons r\u00e9flexes en cas d\u0027intrusion sur un syst\u00e8me d\u0027information [10].",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix NetScaler ADC et NetScaler Gateway",
  "vendor_advisories": [
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694788",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788\u0026articleURL=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_6543"
    }
  ]
}

wid-sec-w-2025-1349

Vulnerability from csaf_certbund

Published

2025-06-17 22:00

Modified

2025-08-26 22:00

Summary

Citrix Systems ADC: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Citrix Application Delivery Controller (ADC) ist eine Lösung zur Anwendungsbereitstellung und Lastverteilung. Citrix NetScaler ist eine integrierte Lösung für die Beschleunigung, das Traffic Management und die Sicherheit von Web-Applikationen. Citrix Access Gateway ist ein universell einsetzbares SSL-VPN. Advanced Access Control (AAC) ermöglichen es Administratoren, Zugriffsregeln für das Access Gateway festzulegen.

Angriff

Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems NetScaler ausnutzen, um Sicherheitsvorkehrungen zu umgehen, oder um einen Denial-of-Service auszulösen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Citrix Application Delivery Controller (ADC) ist eine L\u00f6sung zur Anwendungsbereitstellung und Lastverteilung.\r\nCitrix NetScaler ist eine integrierte L\u00f6sung f\u00fcr die Beschleunigung, das Traffic Management und die Sicherheit von Web-Applikationen. Citrix Access Gateway ist ein universell einsetzbares SSL-VPN. Advanced Access Control (AAC) erm\u00f6glichen es Administratoren, Zugriffsregeln f\u00fcr das Access Gateway festzulegen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer aus einem angrenzenden Netzwerk kann mehrere Schwachstellen in Citrix Systems ADC und Citrix Systems NetScaler ausnutzen, um Sicherheitsvorkehrungen zu umgehen, oder um einen Denial-of-Service auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1349 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1349.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1349 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1349"
      },
      {
        "category": "external",
        "summary": "NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777 vom 2025-06-17",
        "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
      },
      {
        "category": "external",
        "summary": "ReliaQuest Blog vom 2025-06-29",
        "url": "https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/"
      }
    ],
    "source_lang": "en-US",
    "title": "Citrix Systems ADC: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-26T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-27T11:46:23.112+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1349",
      "initial_release_date": "2025-06-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-06-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-06-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Potentielle Ausnutzung gemeldet, Text und Bewertung angepasst"
        },
        {
          "date": "2025-08-26T22:00:00.000+00:00",
          "number": "3",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14.1-43.56",
                "product": {
                  "name": "Citrix Systems ADC \u003c14.1-43.56",
                  "product_id": "T044727"
                }
              },
              {
                "category": "product_version",
                "name": "14.1-43.56",
                "product": {
                  "name": "Citrix Systems ADC 14.1-43.56",
                  "product_id": "T044727-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:14.1-43.56"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.1-58.32",
                "product": {
                  "name": "Citrix Systems ADC \u003c13.1-58.32",
                  "product_id": "T044728"
                }
              },
              {
                "category": "product_version",
                "name": "13.1-58.32",
                "product": {
                  "name": "Citrix Systems ADC 13.1-58.32",
                  "product_id": "T044728-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-58.32"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.1-37.235-FIPS",
                "product": {
                  "name": "Citrix Systems ADC \u003c13.1-37.235-FIPS",
                  "product_id": "T044729"
                }
              },
              {
                "category": "product_version",
                "name": "13.1-37.235-FIPS",
                "product": {
                  "name": "Citrix Systems ADC 13.1-37.235-FIPS",
                  "product_id": "T044729-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-37.235-fips"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.1-37.235-NDcPP",
                "product": {
                  "name": "Citrix Systems ADC \u003c13.1-37.235-NDcPP",
                  "product_id": "T044730"
                }
              },
              {
                "category": "product_version",
                "name": "13.1-37.235-NDcPP",
                "product": {
                  "name": "Citrix Systems ADC 13.1-37.235-NDcPP",
                  "product_id": "T044730-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:13.1-37.235-ndcpp"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.1-55.328-FIPS",
                "product": {
                  "name": "Citrix Systems ADC \u003c12.1-55.328-FIPS",
                  "product_id": "T044731"
                }
              },
              {
                "category": "product_version",
                "name": "12.1-55.328-FIPS",
                "product": {
                  "name": "Citrix Systems ADC 12.1-55.328-FIPS",
                  "product_id": "T044731-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:application_delivery_controller_firmware:12.1-55.328-fips"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ADC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Gateway \u003c14.1-43.56",
                "product": {
                  "name": "Citrix Systems NetScaler Gateway \u003c14.1-43.56",
                  "product_id": "T044724"
                }
              },
              {
                "category": "product_version",
                "name": "Gateway 14.1-43.56",
                "product": {
                  "name": "Citrix Systems NetScaler Gateway 14.1-43.56",
                  "product_id": "T044724-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:citrix:netscaler:gateway__14.1-43.56"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Gateway \u003c13.1-58.32",
                "product": {
                  "name": "Citrix Systems NetScaler Gateway \u003c13.1-58.32",
                  "product_id": "T044725"
                }
              },
              {
                "category": "product_version",
                "name": "Gateway 13.1-58.32",
                "product": {
                  "name": "Citrix Systems NetScaler Gateway 13.1-58.32",
                  "product_id": "T044725-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:citrix:netscaler:gateway__13.1-58.32"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetScaler"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5349",
      "product_status": {
        "known_affected": [
          "T044731",
          "T044730",
          "T044724",
          "T044725",
          "T044728",
          "T044727",
          "T044729"
        ]
      },
      "release_date": "2025-06-17T22:00:00.000+00:00",
      "title": "CVE-2025-5349"
    },
    {
      "cve": "CVE-2025-5777",
      "product_status": {
        "known_affected": [
          "T044731",
          "T044730",
          "T044724",
          "T044725",
          "T044728",
          "T044727",
          "T044729"
        ]
      },
      "release_date": "2025-06-17T22:00:00.000+00:00",
      "title": "CVE-2025-5777"
    }
  ]
}

ghsa-29vj-j5w5-pcph

Vulnerability from github

Published

2025-06-17 15:31

Modified

2025-10-22 00:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Details

Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-5777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-457",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T13:15:21Z",
    "severity": "CRITICAL"
  },
  "details": "Insufficient input validation leading to memory overread\u00a0on the NetScaler Management Interface\u00a0NetScaler ADC\u202fand NetScaler Gateway",
  "id": "GHSA-29vj-j5w5-pcph",
  "modified": "2025-10-22T00:33:18Z",
  "published": "2025-06-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5777"
    },
    {
      "type": "WEB",
      "url": "https://citrixbleed.com"
    },
    {
      "type": "WEB",
      "url": "https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71"
    },
    {
      "type": "WEB",
      "url": "https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777"
    },
    {
      "type": "WEB",
      "url": "https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
    },
    {
      "type": "WEB",
      "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777"
    },
    {
      "type": "WEB",
      "url": "https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

fkie_cve-2025-5777

Vulnerability from fkie_nvd

Published

2025-06-17 13:15

Modified

2025-10-30 20:10

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

References

URL	Tags
secure@citrix.com	https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://citrixbleed.com	Third Party Advisory, Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/	Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/	Press/Media Coverage
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777	US Government Resource

Impacted products

Vendor	Product	Version
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_application_delivery_controller	*
citrix	netscaler_gateway	*
citrix	netscaler_gateway	*

JSON

To clipboard

{
  "cisaActionDue": "2025-07-11",
  "cisaExploitAdd": "2025-07-10",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "D907BEC2-6930-4989-A6E1-847B4763BB12",
              "versionEndExcluding": "12.1-55.328",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
              "matchCriteriaId": "7AF5A6EE-84A9-42AA-BC4B-7C3367D08CAF",
              "versionEndExcluding": "13.1-37.235",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
              "matchCriteriaId": "E219F46B-FCBE-4DA2-9094-6ED128E8AF66",
              "versionEndExcluding": "13.1-37.235",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "48A64F62-2A5A-40CB-A507-A48497BD749A",
              "versionEndExcluding": "13.1-58.32",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "6484AA47-81F8-4EE6-9F33-96DEFE2F66E1",
              "versionEndExcluding": "14.1-43.56",
              "versionStartIncluding": "14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C86D66F-888F-4519-B700-9ADC4EE6913C",
              "versionEndExcluding": "13.1-58.32",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4E61FAA-9EAB-4F9B-887F-C5DC0DA0C633",
              "versionEndExcluding": "14.1-43.56",
              "versionStartIncluding": "14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient input validation leading to memory overread when the\u00a0NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server"
    },
    {
      "lang": "es",
      "value": "Validaci\u00f3n de entrada insuficiente que provoca una sobrelectura de memoria en la interfaz de administraci\u00f3n de NetScaler, NetScaler ADC y NetScaler Gateway"
    }
  ],
  "id": "CVE-2025-5777",
  "lastModified": "2025-10-30T20:10:26.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "secure@citrix.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-17T13:15:21.523",
  "references": [
    {
      "source": "secure@citrix.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Broken Link"
      ],
      "url": "https://citrixbleed.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://www.bleepingcomputer.com/news/security/cisa-tags-citrix-bleed-2-as-exploited-gives-agencies-a-day-to-patch/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Press/Media Coverage"
      ],
      "url": "https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5777"
    }
  ],
  "sourceIdentifier": "secure@citrix.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secure@citrix.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-457"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0528

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 12.1.x et 13.0.x de Netscaler ADC et Netstacler Gateway sont vulnérables et ne sont plus maintenues. Une mise à jour vers une version supportée est nécessaire pour la correction des vulnérabilités CVE-2025-5349 et CVE-2025-5777.

Impacted products

Vendor	Product	Description
Citrix	Workspace app	Workspace app antérieures à 2402 LTSR CU2 Hotfix 1 pour Windows
Citrix	NetScaler ADC	NetScaler ADC versions 13.1.x antérieures à 13.1-FIPS et 13.1-NDcPP 13.1-37.235
Citrix	NetScaler ADC	NetScaler ADC versions 14.1.x antérieures à 14.1-43.56
Citrix	Workspace app	Workspace app antérieures à 2402 LTSR CU3 Hotfix 1 pour Windows
Citrix	Workspace app	Workspace app versions antérieures à 2409 pour Windows
Citrix	Citrix Secure Access client	Secure Access Client versions antérieures à 25.5.1.15 pour Windows
Citrix	NetScaler ADC	NetScaler ADC versions antérieures à 13.1-58.32
Citrix	NetScaler Gateway	NetScaler Gateway versions antérieures à 13.1-58.32
Citrix	NetScaler ADC	NetScaler ADC versions 12.1.x antérieures à 12.1-FIPS 12.1-55.328
Citrix	NetScaler Gateway	NetScaler Gateway versions 14.1.x antérieures à 14.1-43.56

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX694718	2025-06-16	vendor-advisory
Bulletin de sécurité Citrix CTX694724	2025-06-17	vendor-advisory
Bulletin de sécurité Citrix CTX693420	2025-06-17	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Workspace app ant\u00e9rieures \u00e0 2402 LTSR CU2 Hotfix 1 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-FIPS et 13.1-NDcPP 13.1-37.235",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-43.56",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace app ant\u00e9rieures \u00e0 2402 LTSR CU3 Hotfix 1 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace app versions ant\u00e9rieures \u00e0 2409 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Access Client versions ant\u00e9rieures \u00e0 25.5.1.15 pour Windows",
      "product": {
        "name": "Citrix Secure Access client",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-58.32",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-58.32",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 12.1.x ant\u00e9rieures \u00e0 12.1-FIPS 12.1-55.328",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-43.56",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 12.1.x et 13.0.x de Netscaler ADC et Netstacler Gateway sont vuln\u00e9rables et ne sont plus maintenues. Une mise \u00e0 jour vers une version support\u00e9e est n\u00e9cessaire pour la correction des vuln\u00e9rabilit\u00e9s CVE-2025-5349 et CVE-2025-5777.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0320"
    },
    {
      "name": "CVE-2025-5349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5349"
    },
    {
      "name": "CVE-2025-4879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4879"
    },
    {
      "name": "CVE-2025-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0528",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2025-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694718",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718\u0026articleURL=Citrix_Workspace_app_for_Windows_Security_Bulletin_CVE_2025_4879"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694724",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724\u0026articleURL=Citrix_Secure_Access_Client_for_Windows_Security_Bulletin_for_CVE_2025_0320"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX693420",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420\u0026artic%5B%E2%80%A6%5Dteway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777="
    }
  ]
}

CERTFR-2025-AVI-0528

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Citrix	Workspace app	Workspace app antérieures à 2402 LTSR CU2 Hotfix 1 pour Windows
Citrix	NetScaler ADC	NetScaler ADC versions 13.1.x antérieures à 13.1-FIPS et 13.1-NDcPP 13.1-37.235
Citrix	NetScaler ADC	NetScaler ADC versions 14.1.x antérieures à 14.1-43.56
Citrix	Workspace app	Workspace app antérieures à 2402 LTSR CU3 Hotfix 1 pour Windows
Citrix	Workspace app	Workspace app versions antérieures à 2409 pour Windows
Citrix	Citrix Secure Access client	Secure Access Client versions antérieures à 25.5.1.15 pour Windows
Citrix	NetScaler ADC	NetScaler ADC versions antérieures à 13.1-58.32
Citrix	NetScaler Gateway	NetScaler Gateway versions antérieures à 13.1-58.32
Citrix	NetScaler ADC	NetScaler ADC versions 12.1.x antérieures à 12.1-FIPS 12.1-55.328
Citrix	NetScaler Gateway	NetScaler Gateway versions 14.1.x antérieures à 14.1-43.56

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX694718	2025-06-16	vendor-advisory
Bulletin de sécurité Citrix CTX694724	2025-06-17	vendor-advisory
Bulletin de sécurité Citrix CTX693420	2025-06-17	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Workspace app ant\u00e9rieures \u00e0 2402 LTSR CU2 Hotfix 1 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 13.1.x ant\u00e9rieures \u00e0 13.1-FIPS et 13.1-NDcPP 13.1-37.235",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 14.1.x ant\u00e9rieures \u00e0 14.1-43.56",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace app ant\u00e9rieures \u00e0 2402 LTSR CU3 Hotfix 1 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Workspace app versions ant\u00e9rieures \u00e0 2409 pour Windows",
      "product": {
        "name": "Workspace app",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Secure Access Client versions ant\u00e9rieures \u00e0 25.5.1.15 pour Windows",
      "product": {
        "name": "Citrix Secure Access client",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions ant\u00e9rieures \u00e0 13.1-58.32",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions ant\u00e9rieures \u00e0 13.1-58.32",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler ADC versions 12.1.x ant\u00e9rieures \u00e0 12.1-FIPS 12.1-55.328",
      "product": {
        "name": "NetScaler ADC",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "NetScaler Gateway versions 14.1.x ant\u00e9rieures \u00e0 14.1-43.56",
      "product": {
        "name": "NetScaler Gateway",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 12.1.x et 13.0.x de Netscaler ADC et Netstacler Gateway sont vuln\u00e9rables et ne sont plus maintenues. Une mise \u00e0 jour vers une version support\u00e9e est n\u00e9cessaire pour la correction des vuln\u00e9rabilit\u00e9s CVE-2025-5349 et CVE-2025-5777.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0320"
    },
    {
      "name": "CVE-2025-5349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5349"
    },
    {
      "name": "CVE-2025-4879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4879"
    },
    {
      "name": "CVE-2025-5777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5777"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0528",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Citrix. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Citrix",
  "vendor_advisories": [
    {
      "published_at": "2025-06-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694718",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694718\u0026articleURL=Citrix_Workspace_app_for_Windows_Security_Bulletin_CVE_2025_4879"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX694724",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694724\u0026articleURL=Citrix_Secure_Access_Client_for_Windows_Security_Bulletin_for_CVE_2025_0320"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX693420",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420\u0026artic%5B%E2%80%A6%5Dteway_Security_Bulletin_for_CVE_2025_5349_and_CVE_2025_5777="
    }
  ]
}

ncsc-2025-0196

Vulnerability from csaf_ncscnl

Published

2025-06-18 08:32

Modified

2025-07-18 09:51

Summary

Kwetsbaarheden verholpen in Citrix NetScaler ADC en NetScaler Gateway

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Citrix heeft kwetsbaarheden verholpen in NetScaler ADC en NetScaler Gateway.

Interpretaties

De kwetsbaarheid met kenmerk CVE-2025-5777 betreft een Out-of-Bounds Read. Deze kwetsbaarheid ontstaat door onvoldoende invoervalidatie in systemen die zijn geconfigureerd als Gateway-diensten. Dit betreft onder andere VPN-virtual servers, ICA Proxy, Citrix Virtual Private Network (CVPN), Remote Desktop Protocol (RDP) Proxy en AAA-servers. In tegenstelling tot eerdere informatie van Citrix bevindt deze kwetsbaarheid zich **niet** in de management-interface. Deze kwetsbaarheid is daarmee op afstand te misbruiken door een kwaadwillende zonder voorafgaande authenticatie. Deze kwetsbaarheid wordt actief misbruikt. Tevens is voor de kwetsbaarheid is Proof-of-Concept-code (PoC) verschenen. De tweede kwetsbaarheid met kenmerk CVE-2025-5349, betreft een probleem met onjuiste toegangscontrole binnen de NetScaler Management Interface. Kwaadwillenden kunnen de kwetsbaarheid misbruiken voor het verkrijgen van ongeautoriseerde toegang tot bepaalde onderdelen van het systeem. Hiervoor heeft de kwaadwillende toegang nodig tot specifieke netwerkinterfaces, zoals het Network Services IP (NSIP), het Cluster Management IP of het lokale Global Server Load Balancing (GSLB) Site IP.

Oplossingen

Citrix heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Het NCSC adviseert met klem om deze updates zo snel mogelijk te installeren. Zie de beveiligingsadviezen van Citrix voor meer informatie. **UPDATE 2 van 18 juli 2025. 11.52u:** Aanvullend adviseert het NCSC alle organisaties die NetScaler ADC of NetScaler Gateway gebruiken om technisch onderzoek te doen naar mogelijk misbruik van CVE-2025-5777. Citrix heeft een websitebericht gepubliceerd waarin wordt uitgelegd hoe je je logbestanden op indicaties van misbruik controleert. Tevens heeft Citrix aangegeven op verzoek aanvullende indicators-of-compromise (IOC's) met klanten te delen. Het NCSC adviseert organisaties om deze IOC's bij Citrix op te vragen en systemen op aanwezigheid van deze IOC's te controleren. Daarnaast heeft DoublePulsar een blogpost gepubliceerd met meer context en additionele IOC's. Citrix adviseert daarnaast om alle actieve ICA- en PCoIP-connecties te beëindigen. De blog van DoublePulsar (zie referentie) van 15 juli 2025 benadrukt dat ook RDP-, AAA- en load balancing (LB) persistent sessies beëindigd moeten worden. Het NCSC neemt deze adviezen over, en adviseert organisaties om de genoemde connecties en sessies te beëindigen nadat de beveiligingsupdates zijn geïnstalleerd. Ondanks het installeren van beveiligingsupdates, kunnen Citrix-systemen namelijk nog steeds kwetsbaar zijn doordat sessies die al zijn gestart actief blijven. Een aanvaller die de kwetsbaarheid met kenmerk CVE-2025-5777 heeft misbruikt voordat de beveiligingsupdates zijn geïnstalleerd, kan via deze sessies daardoor toegang tot het systeem behouden. Gebruik de volgende commando's voor het beëindigen van de connecties en sessies: ``` kill icaconnection -all kill pcoipConnection -all kill aaa session -all kill rdp connection -all clear lb persistentSessions ``` Zie de bijgevoegde referenties voor meer informatie.

Kans

high

Schade

high

CWE-1284

Improper Validation of Specified Quantity in Input

CWE-284

Improper Access Control

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Citrix heeft kwetsbaarheden verholpen in NetScaler ADC en NetScaler Gateway.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid met kenmerk CVE-2025-5777 betreft een Out-of-Bounds Read. Deze kwetsbaarheid ontstaat door onvoldoende invoervalidatie in systemen die zijn geconfigureerd als Gateway-diensten. Dit betreft onder andere VPN-virtual servers, ICA Proxy, Citrix Virtual Private Network (CVPN), Remote Desktop Protocol (RDP) Proxy en AAA-servers. In tegenstelling tot eerdere informatie van Citrix bevindt deze kwetsbaarheid zich **niet** in de management-interface. Deze kwetsbaarheid is daarmee op afstand te misbruiken door een kwaadwillende zonder voorafgaande authenticatie.\n\nDeze kwetsbaarheid wordt actief misbruikt. Tevens is voor de kwetsbaarheid is Proof-of-Concept-code (PoC) verschenen.\n\nDe tweede kwetsbaarheid met kenmerk CVE-2025-5349, betreft een probleem met onjuiste toegangscontrole binnen de NetScaler Management Interface. Kwaadwillenden kunnen de kwetsbaarheid misbruiken voor het verkrijgen van ongeautoriseerde toegang tot bepaalde onderdelen van het systeem. Hiervoor heeft de kwaadwillende toegang nodig tot specifieke netwerkinterfaces, zoals het Network Services IP (NSIP), het Cluster Management IP of het lokale Global Server Load Balancing (GSLB) Site IP.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Citrix heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Het NCSC adviseert met klem om deze updates zo snel mogelijk te installeren. Zie de beveiligingsadviezen van Citrix voor meer informatie.\n\n**UPDATE 2 van 18 juli 2025. 11.52u:**\n\nAanvullend adviseert het NCSC alle organisaties die NetScaler ADC of NetScaler Gateway gebruiken om technisch onderzoek te doen naar mogelijk misbruik van CVE-2025-5777. Citrix heeft een websitebericht gepubliceerd waarin wordt uitgelegd hoe je je logbestanden op indicaties van misbruik controleert. Tevens heeft Citrix aangegeven op verzoek aanvullende indicators-of-compromise (IOC\u0027s) met klanten te delen. Het NCSC adviseert organisaties om deze IOC\u0027s bij Citrix op te vragen en systemen op aanwezigheid van deze IOC\u0027s te controleren. Daarnaast heeft DoublePulsar een blogpost gepubliceerd met meer context en additionele IOC\u0027s.\n\nCitrix adviseert daarnaast om alle actieve ICA- en PCoIP-connecties te be\u00ebindigen. De blog van DoublePulsar (zie referentie) van 15 juli 2025 benadrukt dat ook RDP-, AAA- en load balancing (LB) persistent sessies be\u00ebindigd moeten worden.\n\nHet NCSC neemt deze adviezen over, en adviseert organisaties om de genoemde connecties en sessies te be\u00ebindigen nadat de beveiligingsupdates zijn ge\u00efnstalleerd. Ondanks het installeren van beveiligingsupdates, kunnen Citrix-systemen namelijk nog steeds kwetsbaar zijn doordat sessies die al zijn gestart actief blijven. Een aanvaller die de kwetsbaarheid met kenmerk CVE-2025-5777 heeft misbruikt voordat de beveiligingsupdates zijn ge\u00efnstalleerd, kan via deze sessies daardoor toegang tot het systeem behouden.\n\nGebruik de volgende commando\u0027s voor het be\u00ebindigen van de connecties en sessies:\n\n```\nkill icaconnection -all\nkill pcoipConnection -all\nkill aaa session -all\nkill rdp connection -all\nclear lb persistentSessions\n```\n\nZie de bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Quantity in Input",
        "title": "CWE-1284"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - certbundde; cisagov; cveprojectv5; nvd",
        "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde; cveprojectv5; nvd",
        "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694729"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f"
      },
      {
        "category": "external",
        "summary": "Reference - cisagov; cveprojectv5; nvd",
        "url": "https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://www.netscaler.com/blog/news/evaluating-netscaler-logs-for-indicators-of-attempted-exploitation-of-cve-2025-5777/"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Citrix NetScaler ADC en NetScaler Gateway",
    "tracking": {
      "current_release_date": "2025-07-18T09:51:52.738778Z",
      "generator": {
        "date": "2025-06-05T14:45:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.1"
        }
      },
      "id": "NCSC-2025-0196",
      "initial_release_date": "2025-06-18T08:32:32.792202Z",
      "revision_history": [
        {
          "date": "2025-06-18T08:32:32.792202Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        },
        {
          "date": "2025-06-18T12:28:33.349827Z",
          "number": "1.0.1",
          "summary": "Het NCSC acht het waarschijnlijk dat deze kwetsbaarheden op korte termijn zullen worden misbruikt. De inschaling is daarom aangepast naar H/H. Het NCSC adviseert organisaties met klem om de door Citrix beschikbaar gestelde beveiligingsupdates op korte termijn te installeren.\n"
        },
        {
          "date": "2025-06-24T15:35:27.258452Z",
          "number": "1.0.2",
          "summary": "De kwetsbaarheid met kenmerk CVE-2025-5777 is, in tegenstelling tot eerdere informatie, op afstand te misbruiken. De inschaling blijft onverkort HIGH/HIGH."
        },
        {
          "date": "2025-07-08T08:02:17.923874Z",
          "number": "1.0.3",
          "summary": "Er is Proof-of-Concept-code (PoC) verschenen voor de kwetsbaarheid met kenmerk CVE-2025-5777. De kans op een toename van scanverkeer en grootschalig misbruik wordt hierdoor significant groter."
        },
        {
          "date": "2025-07-18T09:05:34.295726Z",
          "number": "1.0.4",
          "summary": "Een beveiligingsonderzoeker heeft een blogpost met aanvullend handelingsperspectief gepubliceerd. Deze is aan het handelingsperspectief van dit beveiligingsadvies toegevoegd. Het NCSC adviseert organisaties met klem om opvolging te geven aan de in dit advies genoemde maatregelen."
        },
        {
          "date": "2025-07-18T09:51:52.738778Z",
          "number": "1.0.5",
          "summary": "Het NCSC adviseert alle organisaties die NetScaler ADC of NetScaler Gateway gebruiken om technisch onderzoek te doen naar mogelijk misbruik van CVE-2025-5777. Zie het handelingsperspectief voor meer informatie."
        }
      ],
      "status": "final",
      "version": "1.0.5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/\u003c 14.1-43.56",
                "product": {
                  "name": "vers:unknown/\u003c 14.1-43.56",
                  "product_id": "CSAFPID-2924602"
                }
              }
            ],
            "category": "product_name",
            "name": "Netscaler ADC, NetScaler Gateway"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/\u003c13.1-58.32",
                "product": {
                  "name": "vers:unknown/\u003c13.1-58.32",
                  "product_id": "CSAFPID-2924603"
                }
              }
            ],
            "category": "product_name",
            "name": "Citrix NetScaler ADC, NetScaler Gateway"
          }
        ],
        "category": "vendor",
        "name": "Citrix"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-5777",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "other",
          "text": "Use of Uninitialized Variable",
          "title": "CWE-457"
        },
        {
          "category": "other",
          "text": "Use of Uninitialized Resource",
          "title": "CWE-908"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2924602",
          "CSAFPID-2924603"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5777 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5777.json"
        }
      ],
      "title": "CVE-2025-5777"
    },
    {
      "cve": "CVE-2025-5349",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Specified Quantity in Input",
          "title": "CWE-1284"
        },
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2924602",
          "CSAFPID-2924603"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5349 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5349.json"
        }
      ],
      "title": "CVE-2025-5349"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-5777 (GCVE-0-2025-5777)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Vulnerability from certfr_alerte

Solutions

Vulnerability from certfr_alerte

Solutions

Vulnerability from csaf_certbund

Vulnerability from github

Vulnerability from fkie_nvd

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from csaf_ncscnl

Tags

Sightings

Nomenclature