Unrated severityCISA KEVNVD Advisory· Published Jun 17, 2025· Updated Feb 26, 2026
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
CVE-2025-5777
Description
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- NetScaler/Gatewayv5Range: 14.1
Patches
Vulnerability mechanics
References
1News mentions
6- CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)watchTowr Labs · Jun 30, 2026
- INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023The Hacker News · Jun 18, 2026
- INC Ransomware Thrives by Mastering the BasicsDark Reading · Jun 17, 2026
- Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security RisksInfosecurity Magazine · Jun 15, 2026
- Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)watchTowr Labs · Nov 12, 2025
- The Rise of Collaborative Tactics Among China-aligned Cyber Espionage CampaignsTrend Micro Research · Oct 22, 2025