CVE-2025-5777 Citrix CVE debrief

Who should care

Organizations that run Citrix NetScaler ADC or Gateway, especially teams responsible for internet-facing access, remote access, or edge appliance management, should treat this as a high-priority remediation item.

Technical summary

The source corpus identifies the issue as an out-of-bounds read in Citrix NetScaler ADC and Gateway. CISA’s KEV entry marks the vulnerability as known exploited and associates it with known ransomware campaign use. The KEV guidance directs affected organizations to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Defensive priority

Critical

Recommended defensive actions

• Review Citrix guidance referenced by CISA for CVE-2025-5777 (CTX693420) and apply vendor-recommended mitigations as soon as possible.
• Confirm whether any Citrix NetScaler ADC or Gateway instances are exposed to untrusted networks and prioritize those systems first.
• Track CISA KEV status and ensure the required action is completed by the stated due date when applicable.
• If mitigations are unavailable or cannot be applied safely, follow CISA guidance to discontinue product use.
• Validate that incident response and monitoring are in place for signs of exploitation on affected appliances.

Evidence notes

The debrief is limited to the supplied source corpus: the CVE record metadata, CISA KEV entry, and official resource links. The only explicit technical characterization provided here is the vendor/product name and the out-of-bounds read description. CISA’s KEV metadata states that the vulnerability is known exploited and that known ransomware campaign use is associated with it. No CVSS score was provided in the corpus.

Official resources