CVE-2025-8424

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

CVSS

No CVSS.

References

Link	Resource
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Configurations

No configuration.

History

29 Aug 2025, 16:22

Type	Values Removed	Values Added
Summary		(es) Control de acceso inadecuado en la interfaz de administración de NetScaler en NetScaler ADC y NetScaler Gateway cuando un atacante puede obtener acceso a la NSIP del dispositivo, la IP de administración del clúster o la IP del sitio GSLB local o SNIP con acceso de administración

26 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-26 14:15

Updated : 2025-08-29 16:22

NVD link : CVE-2025-8424

Mitre link : CVE-2025-8424

CVE.ORG link : CVE-2025-8424

JSON object : View

Products Affected

No product.

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2025-8424", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@citrix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-26T14:15:44.740", "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938", "source": "secure@citrix.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@citrix.com", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"}, {"lang": "es", "value": "Control de acceso inadecuado en la interfaz de administraci\u00f3n de NetScaler en NetScaler ADC y NetScaler Gateway cuando un atacante puede obtener acceso a la NSIP del dispositivo, la IP de administraci\u00f3n del cl\u00faster o la IP del sitio GSLB local o SNIP con acceso de administraci\u00f3n"}], "lastModified": "2025-08-29T16:22:31.970", "sourceIdentifier": "secure@citrix.com"}