Citrix NetScaler ADC and NetScaler Gateway Vulnerability – Citrix Bleed 2 NetScaler flaw
A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
CVE-2025-5777 is a pre-authentication memory leak vulnerability with a CVSS score of 9.3 (Critical) that allows remote attackers to extract uninitialized memory contents from affected devices. The vulnerability is also referred to as “CitrixBleed 2” due to its similarity to the infamous CVE-2023-4966 vulnerability. Given its ease of exploitation and potential for significant impact, organizations are advised to patch their vulnerable assets without delay.
Affected Versions
- NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS 12.1-55.328 and later releases of 12.1-FIPS
Remediation
Running the following commands will terminate all active ICA and PCoIP sessions after all NetScaler appliances in the HA pair or cluster have been upgraded to the fixed builds.:
kill icaconnection -all
kill pcoipConnection -all
Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.