8.7
CVE-2025-8424
- EPSS 0.04%
- Veröffentlicht 26.08.2025 13:11:10
- Zuletzt bearbeitet 29.08.2025 16:22:31
- Quelle secure@citrix.com
- Teams Watchlist Login
- Unerledigt Login
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerNetScaler
≫
Produkt
ADC
Default Statusunaffected
Version <
47.48
Version
14.1
Status
affected
Version <
59.22
Version
13.1
Status
affected
Version <
37.241
Version
13.1 FIPS and NDcPP
Status
affected
Version <
55.330
Version
12.1 FIPS and NDcPP
Status
affected
HerstellerNetScaler
≫
Produkt
Gateway
Default Statusunaffected
Version <
47.48
Version
14.1
Status
affected
Version <
59.22
Version
13.1
Status
affected
Version <
37.241
Version
13.1 FIPS and NDcPP
Status
affected
Version <
55.330
Version
12.1 FIPS and NDcPP
Status
affected
26.08.2025: CERT.at Warnung
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.113 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@citrix.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.