PT-2025-25651 · Citrix · Citrix Netscaler Gateway+1
Jdoe +1 · Published 2025-06-17 · Updated 2026-07-01 · CVE-2025-5777
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions
Citrix NetScaler ADC versions prior to 14.1-43.56
Citrix NetScaler ADC versions prior to 13.1-58.32
Citrix NetScaler Gateway versions prior to 14.1-43.56
Citrix NetScaler Gateway versions prior to 13.1-58.32
Description
An insufficient input validation issue leads to a memory overread (out-of-bounds read) when the system is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. This memory leak occurs during the parsing of specific POST requests. Specifically, an unauthenticated remote attacker can send a specially crafted POST request to the '/p/u/doAuthentication.do' endpoint where the login parameter is provided without an equals sign or a value. The server then responds with a fragment of uninitialized process memory within the <InitialValue> XML element. Each request can leak approximately 127 bytes, allowing for the gradual extraction of sensitive data from memory, which impacts the confidentiality, integrity, and availability of protected information.
Recommendations
Update Citrix NetScaler ADC and Gateway to version 14.1-43.56 or later.
Update Citrix NetScaler ADC and Gateway to version 13.1-58.32 or later.
As a temporary mitigation, implement a WAF rule to block POST requests to the '/p/u/doAuthentication.do' URI that contain a body consisting only of the login parameter (regardless of case) without a value.
Exploit
Fix
DoS
RCE
Use of Uninitialized Resource
Out of bounds Read
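The temporary mitigation under Recommendations, written out as a request-filter predicate; this is an added example, not Citrix or advisory code, and it goes slightly beyond the stated rule by also matching a valueless login field that sits among other fields. The function names, the case-insensitive path match, the treatment of `login=` (empty value) as a match, and the `passwd` field in the sample data are assumptions.

```python
from urllib.parse import unquote, unquote_plus, urlsplit

# Endpoint and parameter name are the ones given in the advisory text.
TARGET_PATH = "/p/u/doauthentication.do"
PARAM = "login"


def login_without_value(body: bytes) -> bool:
    """True if the form body carries `login` with no '=' or an empty value."""
    # latin-1 maps every byte to a character, so decoding cannot fail.
    text = body.decode("latin-1")
    for field in text.split("&"):
        key, sep, value = field.strip().partition("=")
        name = unquote_plus(key).strip().lower()
        if name == PARAM and (sep == "" or value.strip() == ""):
            return True
    return False


def should_block(method: str, uri: str, body: bytes) -> bool:
    """Decide whether a request matches the temporary-mitigation rule."""
    if method.upper() != "POST":
        return False
    # Match on the decoded path only; ignore any query string.
    # Assumption: compare case-insensitively so the filter errs toward blocking.
    path = unquote(urlsplit(uri).path).rstrip("/").lower()
    if path != TARGET_PATH:
        return False
    return login_without_value(body)


if __name__ == "__main__":
    # Constructed sample requests (method, URI, body); not captured traffic.
    samples = [
        ("POST", "/p/u/doAuthentication.do", b"login"),
        ("POST", "/p/u/doAuthentication.do", b"LOGIN="),
        ("POST", "/p/u/doAuthentication.do", b"login=alice&passwd=example"),
        ("GET", "/p/u/doAuthentication.do", b""),
    ]
    for method, uri, body in samples:
        verdict = "BLOCK" if should_block(method, uri, body) else "allow"
        print(f"{verdict:5}  {method} {uri}  body={body!r}")
```

The same predicate can be replayed over stored request captures to find earlier requests of this shape, provided the capture includes POST bodies.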
Related Identifiers
Affected Products
Citrix NetScaler ADC
Citrix NetScaler Gateway