8.7

CVE-2025-8424

Warning
Media report

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: NetScaler
Product: ADC
Default Status: unaffected
Version Less than Status
14.1 < 47.48 affected
13.1 < 59.22 affected
13.1 FIPS and NDcPP < 37.241 affected
12.1 FIPS and NDcPP < 55.330 affected

Vendor: NetScaler
Product: Gateway
Default Status: unaffected
Version Less than Status
14.1 < 47.48 affected
13.1 < 59.22 affected
13.1 FIPS and NDcPP < 37.241 affected
12.1 FIPS and NDcPP < 55.330 affected
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.176
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
secure@citrix.com 8.7 0 0 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.