CVE-2025-8424

Summary

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Affected Software

VendorProductVersion RangeStatus
NetScalerADC14.1 < 47.48affected
NetScalerADC13.1 < 59.22affected
NetScalerADC13.1 FIPS and NDcPP < 37.241affected
NetScalerADC12.1 FIPS and NDcPP < 55.330affected
NetScalerGateway14.1 < 47.48affected
NetScalerGateway13.1 < 59.22affected
NetScalerGateway13.1 FIPS and NDcPP < 37.241affected
NetScalerGateway12.1 FIPS and NDcPP < 55.330affected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References