8.7

CVE-2025-8424

Warning
Media report

Improper access control on the NetScaler Management Interface

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: NetScaler
Product: ADC
Default status: unaffected
Version 14.1, < 47.48: affected
Version 13.1, < 59.22: affected
Version 13.1 FIPS and NDcPP, < 37.241: affected
Version 12.1 FIPS and NDcPP, < 55.330: affected

Vendor: NetScaler
Product: Gateway
Default status: unaffected
Version 14.1, < 47.48: affected
Version 13.1, < 59.22: affected
Version 13.1 FIPS and NDcPP, < 37.241: affected
Version 12.1 FIPS and NDcPP, < 55.330: affected
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.34% | 0.568

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
secure@citrix.com | 8.7 | 0 | 0 | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.