{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8424", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2025-07-31T15:12:42.021Z", "datePublished": "2025-08-26T13:11:10.822Z", "dateUpdated": "2025-08-27T14:08:11.099Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADC", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Gateway", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}], "datePublic": "2025-08-26T13:06:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper access control on the NetScaler Management Interface</span> in <span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC\u202fand NetScaler Gateway when an attacker can get a<span style=\"background-color: rgb(255, 255, 255);\">ccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access</span></span><br>"}], "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2025-08-26T13:11:10.822Z"}, "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper access control on the NetScaler Management Interface", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-27T03:55:15.625808Z", "id": "CVE-2025-8424", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T14:08:11.099Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8424", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "state": "PUBLISHED", "assignerShortName": "Citrix", "dateReserved": "2025-07-31T15:12:42.021Z", "datePublished": "2025-08-26T13:11:10.822Z", "dateUpdated": "2025-08-27T14:08:11.099Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ADC", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}, {"defaultStatus": "unaffected", "product": "Gateway", "vendor": "NetScaler", "versions": [{"lessThan": "47.48", "status": "affected", "version": "14.1", "versionType": "patch"}, {"lessThan": "59.22", "status": "affected", "version": "13.1", "versionType": "patch"}, {"lessThan": "37.241", "status": "affected", "version": "13.1 FIPS and NDcPP", "versionType": "patch"}, {"lessThan": "55.330", "status": "affected", "version": "12.1 FIPS and NDcPP", "versionType": "patch"}]}], "datePublic": "2025-08-26T13:06:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper access control on the NetScaler Management Interface</span> in <span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC\u202fand NetScaler Gateway when an attacker can get a<span style=\"background-color: rgb(255, 255, 255);\">ccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access</span></span><br>"}], "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2025-08-26T13:11:10.822Z"}, "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper access control on the NetScaler Management Interface", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-27T03:55:15.625808Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T14:37:40.419Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}], "id": "CVE-2025-8424", "lastModified": "2025-08-26T14:15:44.740", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "secure@citrix.com", "type": "Secondary"}]}, "published": "2025-08-26T14:15:44.740", "references": [{"source": "secure@citrix.com", "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "secure@citrix.com", "type": "Secondary"}]}

{}