{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-8424","assignerOrgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","state":"PUBLISHED","assignerShortName":"Citrix","dateReserved":"2025-07-31T15:12:42.021Z","datePublished":"2025-08-26T13:11:10.822Z","dateUpdated":"2026-02-26T17:48:11.563Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ADC","vendor":"NetScaler","versions":[{"lessThan":"47.48","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"59.22","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"37.241","status":"affected","version":"13.1 FIPS and NDcPP","versionType":"patch"},{"lessThan":"55.330","status":"affected","version":"12.1 FIPS and NDcPP","versionType":"patch"}]},{"defaultStatus":"unaffected","product":"Gateway","vendor":"NetScaler","versions":[{"lessThan":"47.48","status":"affected","version":"14.1","versionType":"patch"},{"lessThan":"59.22","status":"affected","version":"13.1","versionType":"patch"},{"lessThan":"37.241","status":"affected","version":"13.1 FIPS and NDcPP","versionType":"patch"},{"lessThan":"55.330","status":"affected","version":"12.1 FIPS and NDcPP","versionType":"patch"}]}],"datePublic":"2025-08-26T13:06:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Improper access control on the NetScaler Management Interface</span> in <span style=\"background-color: rgb(255, 255, 255);\">NetScaler ADC and NetScaler Gateway when an attacker can get a<span style=\"background-color: rgb(255, 255, 255);\">ccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access</span></span><br>"}],"value":"Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1284","description":"CWE-1284 Improper Validation of Specified Quantity in Input","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e437aed5-38e0-4fa3-a98b-cb73e7acaec6","shortName":"Citrix","dateUpdated":"2025-08-26T13:11:10.822Z"},"references":[{"url":"https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"}],"source":{"discovery":"UNKNOWN"},"title":"Improper access control on the NetScaler Management Interface","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-8424","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-27T03:55:15.625808Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:48:11.563Z"}}]}}