Conversation
AttackerKB
attackerkb
New assessment for topic: CVE-2025-5777
Topic description: "Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server ..."
"Based on two public analysis of this vulnerability ([here](https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/) and [here](https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/)) we know an unauthenticated HTTP POST request to the `/p/u/doAuthentication.do` endpoint, that contains a HTTP form parameter with a name `login` and no value set, will force uninitialized memory to be disclosed in the HTTP response ..."
Link: https://attackerkb.com/assessments/f090e341-069f-42b0-aae6-a43626520938
Topic description: "Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server ..."
"Based on two public analysis of this vulnerability ([here](https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/) and [here](https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/)) we know an unauthenticated HTTP POST request to the `/p/u/doAuthentication.do` endpoint, that contains a HTTP form parameter with a name `login` and no value set, will force uninitialized memory to be disclosed in the HTTP response ..."
Link: https://attackerkb.com/assessments/f090e341-069f-42b0-aae6-a43626520938
0
0
0