Full Report
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services.

| Field | Value |
|---|---|
| CVE ID | CVE-2025-12101 |
| Vulnerability Type | Cross-Site Scripting (XSS) |
| CWE Classification | CWE-79: Improper Neutralization […] |

The post "Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks" appeared first on GBHackers Security.
Analysis Summary
# Vulnerability: NetScaler ADC/Gateway Cross-Site Scripting (XSS)
## CVE Details
- CVE ID: CVE-2025-12101
- CVSS Score: 5.9 (Medium), per the CVSS v4.0 metric given in the advisory
- CWE: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
## Affected Systems
- Products: NetScaler ADC and NetScaler Gateway
- Versions:
  - 14.1 before 14.1-56.73
  - 13.1 before 13.1-60.32
  - 13.1-FIPS before 13.1-37.250
  - 12.1-FIPS before 12.1-55.333
  - End-of-Life (EoL) branches 12.1 (non-FIPS) and 13.0 remain vulnerable and receive no fix.
- Configurations: Vulnerable only when configured as a Gateway with specific virtual server types (VPN, ICA Proxy, CVPN, or RDP Proxy) or when using Authentication servers with AAA virtual servers. Secure Private Access (on-premises and hybrid) is also susceptible if leveraging vulnerable instances.
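The version ranges above are the first thing to check during an inventory. The following is an added example (not code from the advisory or from Cloud Software Group) that parses the build string an operator would copy from a NetScaler `show ns version` output and compares it with the fixed builds listed above. The assumed input format `NetScaler NS<branch>: Build <major>.<minor>.nc` and the sample strings are constructed for the example; because 13.1-FIPS builds share the 13.1 branch number with the non-FIPS line, the caller must state whether the appliance runs a FIPS build.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Fixed builds taken from the advisory summary, keyed by (branch, is_fips).
FIXED_BUILDS = {
    ("14.1", False): (56, 73),
    ("13.1", False): (60, 32),
    ("13.1", True): (37, 250),
    ("12.1", True): (55, 333),
}

# Non-FIPS branches the advisory lists as End-of-Life with no fix available.
EOL_BRANCHES = {"12.1", "13.0"}

# Assumed layout of the first line of `show ns version` (example assumption).
VERSION_RE = re.compile(
    r"NetScaler\s+NS(?P<branch>\d+\.\d+):\s+Build\s+(?P<major>\d+)\.(?P<minor>\d+)"
)


@dataclass
class Verdict:
    branch: str
    build: Tuple[int, int]
    status: str                    # "patched", "vulnerable", "eol" or "unknown"
    fixed: Optional[Tuple[int, int]]


def parse_version(text: str) -> Tuple[str, Tuple[int, int]]:
    """Extract (branch, (major, minor)) from a version banner line."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return match.group("branch"), (int(match.group("major")), int(match.group("minor")))


def assess(text: str, fips: bool = False) -> Verdict:
    """Compare a parsed build with the fixed build for its branch.

    Tuple comparison gives the natural ordering: (56, 72) < (56, 73).
    """
    branch, build = parse_version(text)
    fixed = FIXED_BUILDS.get((branch, fips))
    if fixed is not None:
        status = "patched" if build >= fixed else "vulnerable"
        return Verdict(branch, build, status, fixed)
    if branch in EOL_BRANCHES and not fips:
        return Verdict(branch, build, "eol", None)
    return Verdict(branch, build, "unknown", None)


if __name__ == "__main__":
    # Constructed sample banners, not output captured from real appliances.
    samples = [
        ("NetScaler NS14.1: Build 56.72.nc, Date: Jan 1 2025", False),
        ("NetScaler NS14.1: Build 56.73.nc, Date: Jan 1 2025", False),
        ("NetScaler NS13.1: Build 37.250.nc", True),   # FIPS line, patched
        ("NetScaler NS13.1: Build 37.250.nc", False),  # same string mis-declared as non-FIPS
        ("NetScaler NS13.0: Build 92.21.nc", False),   # EoL branch
        ("NetScaler NS12.1: Build 55.332.nc", True),   # FIPS line, one build short
    ]
    for banner, is_fips in samples:
        v = assess(banner, fips=is_fips)
        print(f"{v.branch}{' FIPS' if is_fips else ''} build {v.build[0]}.{v.build[1]}: {v.status}")
```

A "patched" verdict only closes the version question; the advisory limits exposure to appliances configured as a Gateway (VPN, ICA Proxy, CVPN, RDP Proxy virtual servers) or with AAA virtual servers, so the inventory should also record which of those virtual server types each instance has. The fourth sample shows why the FIPS flag matters: a 13.1-FIPS build judged against the non-FIPS 60.32 threshold is wrongly reported vulnerable.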
## Vulnerability Description
This is a **Cross-Site Scripting (XSS)** vulnerability (CWE-79): input reaching the affected NetScaler endpoints is not neutralized before being written into web pages the appliance generates, so an attacker can inject script into those pages. The consequence is not code execution on the appliance itself: the injected script runs in a victim user's browser, in the origin of the NetScaler site, which is the context in which the user authenticates and holds Gateway or AAA session state.
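To make the CWE-79 mechanism concrete, here is an added, generic illustration in Python; it is not NetScaler code and does not reproduce the appliance's actual injection point, which the advisory does not disclose. It renders a login form that reflects a `user` query parameter, once without output encoding (vulnerable) and once with HTML attribute encoding (hardened), and applies a constructed request containing a script payload to both. The request path and parameter name are assumptions for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request: the decoded 'user' value is  "><script>alert(1)</script>
DEMO_REQUEST = "/login?user=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"


def _user_param(request_target: str) -> str:
    """Return the decoded 'user' query parameter, or '' if absent."""
    params = parse_qs(urlsplit(request_target).query)
    return params.get("user", [""])[0]


def render_login_vulnerable(request_target: str) -> str:
    """CWE-79: the parameter is placed in an HTML attribute without encoding.

    A value containing a double quote closes the attribute early, and any
    markup that follows becomes live HTML in the page.
    """
    user = _user_param(request_target)
    return f'<form><input name="user" value="{user}"></form>'


def render_login_hardened(request_target: str) -> str:
    """Same page with contextual output encoding for an attribute value.

    html.escape(quote=True) turns " < > & ' into character references, so the
    browser treats the whole value as text of the attribute, never as markup.
    """
    user = _user_param(request_target)
    return f'<form><input name="user" value="{html.escape(user, quote=True)}"></form>'


def has_live_script(page: str) -> bool:
    """True if a raw <script> element survived into the generated HTML."""
    return "<script>" in page


if __name__ == "__main__":
    for label, render in (("vulnerable", render_login_vulnerable),
                          ("hardened", render_login_hardened)):
        page = render(DEMO_REQUEST)
        print(f"{label}: live script = {has_live_script(page)}")
        print("  " + page)
```

The vulnerable renderer emits `value=""><script>alert(1)</script>">`, i.e. the attribute is closed by the injected quote and the script element is parsed as page content; the hardened renderer emits `value="&quot;&gt;&lt;script&gt;...">` and the same bytes reach the user as inert text. The fix is encoding at the point of output for the HTML context the data lands in, not input filtering.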
## Exploitation
- Status: The advisory does not report exploitation in the wild.
- Complexity: Low
- Attack Vector: Network
## Impact
- Confidentiality: High
- Integrity: Limited
- Availability: Limited
## Remediation
### Patches
Organizations must apply the following upgrades:
- NetScaler ADC and Gateway version 14.1-56.73 or later.
- NetScaler ADC and Gateway version 13.1-60.32 or later.
- NetScaler ADC and Gateway 13.1-FIPS version 13.1-37.250 or later, and 12.1-FIPS version 12.1-55.333 or later.
### Workarounds
- Customers using End-of-Life (EoL) versions must prioritize migration to supported platforms immediately, as EoL versions will not receive further security updates.
- Customers utilizing Citrix-managed cloud solutions are being automatically upgraded by Cloud Software Group and require no manual action.
## Detection
- The advisory does not describe detection methods. Practically, start by inventorying NetScaler build numbers against the fixed builds above and identifying which instances expose Gateway or AAA virtual servers, since only those configurations are affected. Exploitation attempts would typically show up as requests to the Gateway or AAA web endpoints carrying script-like content in parameters, and successful exploitation as that script running in a user's browser session against the NetScaler portal (e.g., the VPN login page).
## References
- Vendor advisory reference: CTX695486 (Defanged: hxxps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX695486)