PoC details: 6d4b5e660b1fe1eeb58fc3994bfb4ddc79c41101

Source
Linked vulnerability
Title: Citrix NetScaler ADC and Citrix NetScaler Gateway security vulnerability (CVE-2025-5777)
Description: Citrix NetScaler ADC and Citrix NetScaler Gateway are both products of the US company Citrix. Citrix NetScaler ADC is an application delivery and security platform. Citrix NetScaler Gateway is a secure remote access solution. Citrix NetScaler ADC and Citrix NetScaler Gateway contain a security vulnerability caused by insufficient input validation in the NetScaler Management Interface, which may lead to an out-of-bounds memory read.
Description
Exploit for CVE-2025-5777: Citrix NetScaler Memory Disclosure (CitrixBleed 2)
Introduction
# Exploit for CVE-2025-5777: Citrix NetScaler Memory Disclosure (CitrixBleed 2) [T1606]

## Description
- External, unauthenticated exploit for a memory leak in Citrix NetScaler Gateway and AAA Virtual Server
- Leverages insufficient input validation in the web app to fire the payload, and TOCTOU race conditions to scrape variables in memory

## Asset Discovery & Exposure Analysis - (Red/Purple Team -> Organization)
### Method 1: Search Engine Dorking
```
site:<targetDomainSuffix> intitle:"Netscaler AAA" | intitle:"Citrix Gateway"
```
### Method 2: Hunter.how
```
domain.suffix=="<targetDomainSuffix>" and header.server="snow_adc"
```
## Exploit Usage
```
bash CVE-2025-5777.sh <targetDomain>
```
## Pivoting - Red Team Operations
Objective - Pivot externally without credentials -> internal with low priv user credentials over VPN
### Methodology
- Inspect response bodies and experiment with decoding and escaping to gain visibility on the asset (log files, etc.)
- Inspect response headers, repeating until active user session cookies in memory are captured - [Demonstration by horizon3.ai](https://horizon3.ai/wp-content/uploads/2025/07/citrixbleed2.mp4)
- Authenticate to the target domain
## References
- [CVEdetails.com](https://www.cvedetails.com/cve/CVE-2025-5777/)
- [Tenable Plugins](https://www.tenable.com/cve/CVE-2025-5777)
- [Attack Vector: CAPEC-29 - Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions](https://capec.mitre.org/data/definitions/26.html)
- [Adversary Emulation: T1606 - Forge Web Credentials](https://attack.mitre.org/techniques/T1606)
- [EUVD-2025-18497](https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5777)
- [Horizon3.ai - CitrixBleed 2 Exploit Deep Dive](https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/)
File snapshot

[4.0K] /data/pocs/6d4b5e660b1fe1eeb58fc3994bfb4ddc79c41101
├── [ 527] CVE-2025-5777.sh
├── [1.0K] LICENSE
└── [1.8K] README.md

0 directories, 3 files