CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jul 11, 2025
Description
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
EPSS — Exploit Probability
Higher than 98.6% of all CVEs
Required Action
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777
Related Articles (4)
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
Mar 9, 2026
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat landscape.
Mar 19, 2026
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix fixes CVE-2026-3055 memory flaw in NetScaler, enabling data leaks in SAML setups, raising risk of imminent exploitation.
Mar 24, 2026
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.
Mar 28, 2026
Risk Assessment
CRITICAL
Details
- Severity: High
- EPSS: 69.8%
- CISA KEV: Yes
- Ransomware: Known
- Articles: 4
Timeline
Published: Jul 10, 2025
Added to KEV: Jul 10, 2025
Remediation Due: Jul 11, 2025