CVE-2025-5777

Description: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server


Based on two public analyses of this vulnerability (here and here), we know that an unauthenticated HTTP POST request to the /p/u/doAuthentication.do endpoint that contains an HTTP form parameter named login with no value set will cause uninitialized memory to be disclosed in the HTTP response. Exploitation relies upon repeated attempts to leak memory until something of value, such as a valid session token, is disclosed. Because of its similarity to the 2023 vulnerability CVE-2023-4966, which was dubbed "CitrixBleed", this new vulnerability, which has a different root cause but a similar effect, has been dubbed "CitrixBleed 2".
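As an added illustration, not code from the original post or from either public analysis, the Python sketch below shows how a request-inspection point that sees POST bodies (a WAF or reverse proxy in front of the Gateway; NetScaler access logs alone do not normally record bodies) could flag the request shape described above and escalate when one source repeats it, since the exploitation pattern depends on many attempts. The endpoint path and parameter name come from the description above; the burst threshold, the sample requests and the client addresses are constructed for the example.

```python
"""Detection sketch for the CVE-2025-5777 ("CitrixBleed 2") request shape.

Flags POST requests to /p/u/doAuthentication.do whose form body carries a
`login` parameter with no value, and escalates once a single source has sent
several of them (repetition is inherent to the leak-until-useful pattern).
"""
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import parse_qsl

# Endpoint named in the public analyses of the vulnerability.
TARGET_PATH = "/p/u/doAuthentication.do"


def login_param_has_no_value(body: str) -> bool:
    """True when the form body contains a `login` field with an empty value,
    either as `login=` or as a bare `login` token without `=`.

    keep_blank_values=True makes parse_qsl keep `login=` as ('login', '')
    and also turns a bare `login` token into ('login', '')."""
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name == "login" and value == "":
            return True
    return False


@dataclass
class Verdict:
    source: str
    severity: str  # "none" | "suspicious" | "likely_exploitation"
    reason: str


@dataclass
class CitrixBleed2Detector:
    # Constructed threshold for the example: a legitimate client has no
    # reason to post a value-less login field repeatedly.
    burst_threshold: int = 5
    _hits: Counter = field(default_factory=Counter)

    def inspect(self, source: str, method: str, path: str, body: str) -> Verdict:
        """Classify one request; call once per request in arrival order."""
        if method.upper() != "POST" or path != TARGET_PATH:
            return Verdict(source, "none", "not a POST to the authentication endpoint")
        if not login_param_has_no_value(body):
            return Verdict(source, "none", "login parameter carries a value")
        self._hits[source] += 1
        if self._hits[source] >= self.burst_threshold:
            return Verdict(
                source,
                "likely_exploitation",
                f"{self._hits[source]} value-less login POSTs from one source",
            )
        return Verdict(source, "suspicious", "POST with value-less login parameter")


# Constructed sample traffic (addresses from the documentation ranges).
SAMPLE_REQUESTS = [
    ("203.0.113.10", "POST", TARGET_PATH, "login=alice&passwd=hunter2"),  # normal logon
    ("203.0.113.10", "GET", TARGET_PATH, ""),                             # not a POST
    ("203.0.113.10", "POST", "/logon/LogonPoint/index.html", "login="),   # other path
] + [("198.51.100.7", "POST", TARGET_PATH, "login")] * 6                  # repeated leak attempts


def run_sample() -> dict:
    """Run the detector over SAMPLE_REQUESTS and return the highest severity
    observed per source address."""
    order = {"none": 0, "suspicious": 1, "likely_exploitation": 2}
    detector = CitrixBleed2Detector()
    worst: dict = {}
    for source, method, path, body in SAMPLE_REQUESTS:
        verdict = detector.inspect(source, method, path, body)
        if order[verdict.severity] >= order.get(worst.get(source, "none"), 0):
            worst[source] = verdict.severity
    return worst


if __name__ == "__main__":
    for source, severity in run_sample().items():
        print(f"{source}: {severity}")
```

The single-request verdict is only "suspicious" because a malformed form post can occur innocently; the per-source count is what separates probing from noise. Since the appliance is only exposed when a Gateway or AAA virtual server is configured, this inspection belongs in front of those virtual servers specifically.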

The target is not vulnerable in a default configuration. As per the vendor advisory, NetScaler must be configured as either a Gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) or an AAA virtual server. However, we believe these are common configurations.

I rated the Attacker Value as Very High, as leaking a session token allows for session hijacking, and we know from the 2023 "CitrixBleed" vulnerability that this can have significant impact. I rated the Exploitability as High. While the vulnerability is unauthenticated, the attacker has no direct control over what is leaked and must rely upon repeated attempts to leak something of value (like a session token), and the attacker cannot govern which specific session tokens will be leaked.


Source: http://example.com/2025/07/11/other_3429849780/
Author: lianccc
Published: July 11, 2025