CVE-2025-12101

Summary

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Affected Software

VendorProductVersion RangeStatus
NetScalerADC14.1 < 56.73affected
NetScalerADC13.1 < 60.32affected
NetScalerADC13.1-FIPS and NDcPP < 37.250affected
NetScalerADC12.1-FIPS and NDcPP < 55.333affected
NetScalerGateway14.1 < 56.73affected
NetScalerGateway13.1 < 60.32affected
NetScalerGateway13.1-FIPS and NDcPP < 37.250affected
NetScalerGateway12.1-FIPS and NDcPP < 55.333affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References