CVE-2025-8424
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-08-29

Assigner: Citrix Systems, Inc.

Description
Improper access control on the NetScaler Management Interface in NetScaler ADCβ€―and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8424
EUVD
EUVD-2025-25868
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
citrix netscaler_gateway 4.0
citrix netscaler_adc 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper access control issue in the NetScaler Management Interface of NetScaler ADC and NetScaler Gateway. It occurs when an attacker gains access to the appliance NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access, potentially allowing unauthorized actions on the device.

Impact Analysis

The vulnerability can allow an attacker with access to certain management IPs to bypass proper access controls, potentially leading to unauthorized control or manipulation of the NetScaler appliance, which could compromise network security and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8424. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart