CVE-2025-5777

June 17, 2025, 1:15 p.m.

9.3
Critical

Description

Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway

Product(s) Impacted

Vendor Product Versions
Citrix
  • Netcaler Adc
  • Netcaler Gateway
  • Netcaler Management Interface
  • *
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a citrix netcaler_adc / / / / / / / /
a citrix netcaler_gateway / / / / / / / /
a citrix netcaler_management_interface / / / / / / / /

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420

Tags

CWE-125
secure@citrix.com
2025-06-17
CVE-2025-5777

CVSS Score

9.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: June 17, 2025, 1:15 p.m.
Last Modified: June 17, 2025, 1:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@citrix.com

Linked Attack Reports

Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations

The cyber-espionage group UAC-0226 has significantly evolved its GIFTEDCROOK malware from a basic browser data stealer to a robust intelligence-gathering tool. Three versions were identified between April-June 2025, with the latest iterations capable of exfiltrating a wide range of sensitive docume…
ukraine
data exfiltration
telegram
geopolitical
spear-phishing
cyber-espionage
2025-06-27
giftedcrook
Published: June 27, 2025
Linked vulnerabilities : CVE-2025-5777 (CVSS 9.3)
Downloadable IOCs: 11

Dropping Elephant APT Group Targets Turkish Defense Industry With New Campaign and Capabilities: LOLBAS, VLC Player, and Encrypted Shellcode

The Arctic Wolf Labs team has uncovered a new cyber-espionage campaign by the Dropping Elephant APT group targeting Turkish defense contractors. The attack leverages a five-stage execution chain delivered via malicious LNK files disguised as conference invitations. It uses legitimate binaries like …
apt
powershell
shellcode
dll side-loading
cyber-espionage
turkey
defense industry
2025-07-23
vlc player
dropping elephant rat
Published: July 23, 2025
Linked vulnerabilities : CVE-2025-5777 (CVSS 9.3), CVE-2025-20337 (CVSS 10.0), CVE-2025-53770 (CVSS 9.8)
Downloadable IOCs: 10

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.