Citrix NetScaler Devices Memory Leak CVE-2025-5777
Overview
The SonicWall Capture Labs threat research team became aware of a pre-authentication memory leak vulnerability leading to information disclosure in Citrix NetScaler devices and assessed its impact while developing mitigation measures. NetScaler ADC and NetScaler Gateway are both networking products from Citrix, primarily used for optimizing application delivery, enhancing security, and improving user experience across networks.
A critical vulnerability, CVE-2025-5777, dubbed Citrix Bleed 2, has been identified affecting Citrix NetScaler devices configured as a Gateway or AAA virtual server. The flaw allows unauthenticated remote attackers to perform out-of-bounds memory reads by injecting any preferred string value into the XML tag <InitialValue></InitialValue> within the username parameter, resulting in the leakage of sensitive data such as session tokens, credentials, and potentially administrative secrets, and possibly even full system compromise. Functional proof-of-concept (PoC) code has been widely circulated across offensive security communities and platforms.
Affected Versions:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS
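A build check against the affected-version list above, as an added example that is not from the SonicWall article or from Citrix. It assumes build strings written as on this page (for example 14.1-43.56); the edition labels, function names and sample inventory are constructed for illustration.

```python
import re

# First fixed build per (release, edition), copied from the list above.
# The edition labels "standard", "fips" and "ndcpp" are this example's own.
FIXED_BUILDS = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),
    ("13.1", "ndcpp"): (37, 235),
    ("12.1", "fips"): (55, 328),
}

BUILD_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def check_build(version, edition="standard"):
    """Classify a build string such as '14.1-43.56' against the list above."""
    match = BUILD_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognized build string: {version!r}")
    release = match.group(1)
    build = (int(match.group(2)), int(match.group(3)))
    fixed = FIXED_BUILDS.get((release, edition.lower()))
    if fixed is None:
        return "not-listed"  # the list above says nothing about this train
    # Compare numerically: as strings, "43.9" would sort after "43.56".
    return "affected" if build < fixed else "fixed"


def affected_hosts(inventory):
    """Return the names of inventory entries running a build before the fix."""
    return [name for name, version, edition in inventory
            if check_build(version, edition) == "affected"]


# Constructed sample inventory: (hostname, build, edition).
SAMPLE_INVENTORY = [
    ("gw-a", "14.1-43.55", "standard"),
    ("gw-b", "14.1-43.56", "standard"),
    ("gw-c", "13.1-37.240", "standard"),
    ("gw-d", "13.1-37.240", "fips"),
    ("gw-e", "12.1-55.9", "fips"),
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host)
```

The same build number can be fixed on the FIPS train and still affected on the standard 13.1 train, which is why the edition is part of the lookup key. A build reported as affected is exposed only when the device is configured as a Gateway or AAA virtual server, which this check does not inspect.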
To read the complete article, see: SonicWall