CISA has identified CVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway, and added it to the KEV catalog. This flaw, with a CVSS score of 9.3, allows attackers to bypass authentication due to insufficient input validation. Attacks have been reported, with evidence pointing to exploitation since mid-June, originating from multiple IP addresses across several countries. The vulnerability could enable memory overread, specifically in configurations using Gateway or AAA virtual servers. Another product flaw, CVE-2025-6543, is also being actively exploited.
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild."
"CVE-2025-5777 (CVSS score: 9.3) is an instance of insufficient input validation that could be exploited by an attacker to bypass authentication when the appliance is configured as a Gateway or AAA virtual server."
"Data from GreyNoise shows that exploitation efforts are originating from 10 unique malicious IP addresses located in Bulgaria, the United States, China, Egypt, and Finland over the past 30 days."
"The addition of CVE-2025-5777 to the KEV catalog comes as another flaw in the same product (CVE-2025-6543, CVSS score: 9.2) has also come under active exploitation."
Collection
[
|
...
]