A critical vulnerability has been identified in Citrix NetScaler, designated as CVE-2025-5777, with a CVSS 3.1 score of 9.3. This vulnerability allows an unauthenticated attacker to extract fragments of server memory. It affects NetScaler ADC and NetScaler Gateway versions 14.1-43.56 and later, 13.1-58.32 and later, as well as specific FIPS and NDcPP versions.
The vulnerability arises from a missing check for an empty parameter in HTTP requests. It is exploitable only when the appliance is configured in Gateway mode or as an AAA virtual server. Because each request leaks a fragment of memory, an attacker who repeats the request many times can accumulate a significant amount of data.
To mitigate this risk, Stormshield Network Security firewalls can detect and block exploitation attempts using specific IPS signatures, provided the traffic is decrypted for inspection. Updating to the latest secure versions of NetScaler ADC and NetScaler Gateway is strongly recommended. Additionally, terminating all active ICA and PCoIP sessions after the update is advised, so that sessions established before the fix cannot continue to be used.