8.8
CVE-2025-5349
- EPSS 0.06%
- Published 17.06.2025 12:32:24
- Last modified 06.08.2025 17:50:04
- Source secure@citrix.com
- Teams watchlist Login
- Open Login
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 12.1 < 12.1-55.328
Citrix ≫ Netscaler Application Delivery Controller SwEditionfips Version >= 13.1 < 13.1-37.235
Citrix ≫ Netscaler Application Delivery Controller SwEditionndcpp Version >= 13.1 < 13.1-37.235
Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-58.32
Citrix ≫ Netscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-43.56
Citrix ≫ NetScaler Gateway Version >= 13.1 < 13.1-58.32
Citrix ≫ NetScaler Gateway Version >= 14.1 < 14.1-43.56
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.187 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| secure@citrix.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.