PT-2025-25651 · Citrix · Citrix Netscaler Gateway+1

Jdoe

+1

·

Published

2025-06-17

·

Updated

2026-07-01

·

CVE-2025-5777

CVSS v4.0

10

Critical

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions Citrix NetScaler ADC versions prior to 14.1-43.56 Citrix NetScaler ADC versions prior to 13.1-58.32 Citrix NetScaler Gateway versions prior to 14.1-43.56 Citrix NetScaler Gateway versions prior to 13.1-58.32
Description An insufficient input validation issue leads to a memory overread (out-of-bounds read) when the system is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. This memory leak occurs during the parsing of specific POST requests. Specifically, an unauthenticated remote attacker can send a specially crafted POST request to the '/p/u/doAuthentication.do' endpoint where the login parameter is provided without an equals sign or a value. The server then responds with a fragment of uninitialized process memory within the <InitialValue> XML element. Each request can leak approximately 127 bytes, allowing for the gradual extraction of sensitive data from memory, which impacts the confidentiality, integrity, and availability of protected information.
Recommendations Update Citrix NetScaler ADC and Gateway to version 14.1-43.56 or later. Update Citrix NetScaler ADC and Gateway to version 13.1-58.32 or later. As a temporary mitigation, implement a WAF rule to block POST requests to the '/p/u/doAuthentication.do' URI that contain a body consisting only of the login parameter (regardless of case) without a value.

Exploit

Fix

DoS

RCE

Use of Uninitialized Resource

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2025-07142
CVE-2025-5777

Affected Products

Citrix Netscaler Adc
Citrix Netscaler Gateway