CVE-2025-8424 - Vulnerability Details - OpenCVE

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Netscaler	Adc Gateway

No data.

No data.

References

Link	Providers
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

History

Wed, 27 Aug 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 27 Aug 2025 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netscaler Netscaler adc Netscaler gateway
Vendors & Products		Netscaler Netscaler adc Netscaler gateway

Tue, 26 Aug 2025 13:30:00 +0000

Type	Values Removed	Values Added
Description		Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Title		Improper access control on the NetScaler Management Interface
Weaknesses		CWE-1284
References		https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2025-08-26T13:11:10.822Z

Updated: 2025-08-27T14:08:11.099Z

Reserved: 2025-07-31T15:12:42.021Z

Link: CVE-2025-8424

Vulnrichment

Updated: 2025-08-26T14:37:40.419Z

NVD

Status : Awaiting Analysis

Published: 2025-08-26T14:15:44.740

Modified: 2025-08-29T16:22:31.970

Link: CVE-2025-8424

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8424", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2025-07-31T15:12:42.021Z", "datePublished": "2025-08-26T13:11:10.822Z", "dateUpdated": "2025-08-27T14:08:11.099Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADC", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Gateway", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}], "datePublic": "2025-08-26T13:06:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper access control on the NetScaler Management Interface</span> in <span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC\u202fand NetScaler Gateway when an attacker can get a<span style=\"background-color: rgb(255, 255, 255);\">ccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access</span></span><br>"}], "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2025-08-26T13:11:10.822Z"}, "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper access control on the NetScaler Management Interface", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-27T03:55:15.625808Z", "id": "CVE-2025-8424", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T14:08:11.099Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8424", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2025-07-31T15:12:42.021Z", "datePublished": "2025-08-26T13:11:10.822Z", "dateUpdated": "2025-08-27T14:08:11.099Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADC", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Gateway", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}], "datePublic": "2025-08-26T13:06:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper access control on the NetScaler Management Interface</span> in <span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC\u202fand NetScaler Gateway when an attacker can get a<span style=\"background-color: rgb(255, 255, 255);\">ccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access</span></span><br>"}], "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2025-08-26T13:11:10.822Z"}, "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper access control on the NetScaler Management Interface", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-27T03:55:15.625808Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T14:37:40.419Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}, {"lang": "es", "value": "Control de acceso inadecuado en la interfaz de administraci\u00f3n de NetScaler en NetScaler ADC y NetScaler Gateway cuando un atacante puede obtener acceso a la NSIP del dispositivo, la IP de administraci\u00f3n del cl\u00faster o la IP del sitio GSLB local o SNIP con acceso de administraci\u00f3n"}], "id": "CVE-2025-8424", "lastModified": "2025-08-29T16:22:31.970", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2025-08-26T14:15:44.740", "references": [{"source": "secure@citrix.com", "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "secure@citrix.com", "type": "Secondary"}]}