CVE-2025-8424
8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Summary
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NetScaler | ADC | 14.1 < 47.48 | affected |
| NetScaler | ADC | 13.1 < 59.22 | affected |
| NetScaler | ADC | 13.1 FIPS and NDcPP < 37.241 | affected |
| NetScaler | ADC | 12.1 FIPS and NDcPP < 55.330 | affected |
| NetScaler | Gateway | 14.1 < 47.48 | affected |
| NetScaler | Gateway | 13.1 < 59.22 | affected |
| NetScaler | Gateway | 13.1 FIPS and NDcPP < 37.241 | affected |
| NetScaler | Gateway | 12.1 FIPS and NDcPP < 55.330 | affected |
Weaknesses
- CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.