CVE-2025-8424

HIGH

NetScaler ADC & Gateway - Info Disclosure

Title source: llm

Description

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

References (1)

[Vendor Advisory] https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Scores

CVSS v4 8.7

EPSS 0.0030

EPSS Percentile 53.5%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1284

Status published

Products (8)

NetScaler/ADC 12.1 FIPS and NDcPP - 55.330

NetScaler/ADC 13.1 - 59.22

NetScaler/ADC 13.1 FIPS and NDcPP - 37.241

NetScaler/ADC 14.1 - 47.48

NetScaler/Gateway 12.1 FIPS and NDcPP - 55.330

NetScaler/Gateway 13.1 - 59.22

NetScaler/Gateway 13.1 FIPS and NDcPP - 37.241

NetScaler/Gateway 14.1 - 47.48

Published Aug 26, 2025

Tracked Since Feb 18, 2026