Skip to main content

Netscaler Gateway EUVDEUVD-2025-18497

| CVE-2025-5777 HIGH
Out-of-bounds Read (CWE-125)
2025-06-17 secure@citrix.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

8
Analysis Updated
Apr 16, 2026 - 06:38 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
58.32,43.56
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-18497
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
Added to CISA KEV
Oct 30, 2025 - 20:10 cisa
CISA KEV
PoC Detected
Oct 30, 2025 - 20:10 vuln.today
Public exploit code
CVE Published
Jun 17, 2025 - 13:15 nvd
HIGH 7.5

DescriptionCVE.org

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

AnalysisAI

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs.

Technical ContextAI

The vulnerability is a Heartbleed-style memory overread in the VPN/AAA components of NetScaler. Insufficient validation of input length fields allows an attacker to read beyond buffer boundaries into adjacent memory. This memory may contain: active session tokens (enabling session hijacking), plaintext credentials from recent VPN authentications, TLS private keys (enabling MITM decryption), and other sensitive data stored in the appliance's memory.

RemediationAI

Apply Citrix security update immediately. After patching: invalidate all active VPN sessions and force re-authentication. Rotate TLS certificates and private keys (they may have been exposed). Review VPN access logs for session hijacking indicators. Audit for unauthorized internal access.

CVE-2025-6543 CRITICAL POC
9.8 Jun 25

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2025-5349 HIGH POC
8.8 Jun 17

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent

CVE-2023-4967 HIGH POC
7.5 Oct 27

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV

CVE-2026-8452 HIGH
8.8 Jun 30

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated atta

CVE-2026-8655 HIGH
8.8 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that prod

CVE-2026-13474 HIGH
8.7 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive

CVE-2020-8247 HIGH
8.8 Sep 18

Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix AD

CVE-2024-8534 HIGH
8.4 Nov 12

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli

CVE-2026-10816 HIGH
7.1 Jun 30

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network

CVE-2021-22927 HIGH
8.1 Aug 05

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provide

CVE-2023-3467 HIGH
8.0 Jul 19

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack co

Share

EUVD-2025-18497 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy