CVE-2025-5777 aka CitrixBleed 2 is a memory overread vulnerability in Citrix NetScaler when it is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerability:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-58.32
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.235-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS BEFORE 12.1-55.328-FIPS
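
A way to triage an appliance inventory against the list above, as an added example that is not part of the original advisory or Citrix tooling. It assumes build strings written the way the list writes them (`release-build`, with a `-FIPS` or `-NDcPP` suffix for those tracks); the host names and sample builds are constructed.

```python
import re

# First fixed build per (release, track), copied from the list above.
FIXED = {
    ("14.1", "standard"): (43, 56),
    ("13.1", "standard"): (58, 32),
    ("13.1", "fips"): (37, 235),  # 13.1-FIPS and NDcPP share one fixed build
    ("12.1", "fips"): (55, 328),
}

# e.g. "14.1-43.56" or "13.1-37.235-FIPS" (format assumed from the list above)
_VERSION = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$", re.IGNORECASE)


def is_affected(version):
    """True/False for a listed release; None if release/track is not in the list."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release, major, minor, suffix = m.groups()
    # FIPS/NDcPP builds use their own numbering, so they must never be
    # compared against the mainline fixed build of the same release.
    track = "fips" if suffix else "standard"
    fixed = FIXED.get((release, track))
    if fixed is None:
        return None  # not covered by the list above; check the vendor bulletin
    # Compare build parts as integers: "8.50" is older than "43.56".
    return (int(major), int(minor)) < fixed


def triage(inventory):
    """Map each host to is_affected() of its reported build."""
    return {host: is_affected(build) for host, build in inventory.items()}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = {
    "gw-a": "14.1-43.56",         # exactly the fixed build
    "gw-b": "14.1-8.50",          # older; a string compare would get this wrong
    "gw-c": "13.1-37.235-FIPS",   # fixed FIPS build, below mainline 58.32
    "gw-d": "13.1-37.219-NDcPP",  # older NDcPP build
    "gw-e": "13.0-92.31",         # release not in the list
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        label = {True: "AFFECTED", False: "fixed", None: "not listed"}[result]
        print(f"{host}: {SAMPLE[host]} -> {label}")
```

A `None` result means only that the release or track does not appear in the list above, not that the appliance is unaffected.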
https://nvd.nist.gov/vuln/detail/CVE-2025-5777
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420