Threat Advisory

Citrix NetScaler ADC and Gateway Cross-Site Scripting Vulnerability

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Medium

EXECUTIVE SUMMARY:

A cross-site scripting (XSS) vulnerability has been identified in Citrix NetScaler ADC and NetScaler Gateway, tracked as CVE-2025-12101. This flaw affects instances configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual servers for authentication and could allow attackers to inject malicious scripts into the web interface.

  • CVE-2025-12101: The vulnerability arises due to improper input sanitization in the web management interface of Citrix NetScaler ADC and Gateway. A remote attacker could exploit this flaw by tricking an authenticated user—typically an administrator—into visiting a maliciously crafted URL, leading to session hijacking, credential theft, or arbitrary actions within the admin console. The issue impacts NetScaler ADC and Gateway versions prior to 14.1-56.73, 13.1-60.32, 13.1-37.250-FIPS/NDcPP, and 12.1-55.333-FIPS/NDcPP. With a CVSS v4.0 score of 5.9 (Medium), successful exploitation could result in unauthorized access or compromise of administrative sessions.
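As an added example (not from the advisory or from Citrix), the following Python checks a NetScaler build string against the minimum fixed builds listed above, so an inventory can be triaged before patching. The `NetScaler NS14.1: Build 56.73.nc` form of `show ns version` output and the sample host list are assumptions; only the dash-separated form is taken from the advisory.

```python
import re

# Minimum fixed builds named in the advisory, keyed by (branch, FIPS/NDcPP).
FIXED_BUILDS = {
    ("14.1", False): (56, 73),
    ("13.1", False): (60, 32),
    ("13.1", True): (37, 250),
    ("12.1", True): (55, 333),
}

# Advisory form: "14.1-56.73", "13.1-37.250-FIPS", "12.1-55.333-FIPS/NDcPP".
_ADVISORY_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP|FIPS/NDcPP))?$")
# Assumed `show ns version` form: "NetScaler NS14.1: Build 56.73.nc, Date: ...".
_SHOW_VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")


def parse_build(text, fips=False):
    """Return (branch, (major, minor), fips) from a build string.

    `fips` is only consulted for the `show ns version` form, which carries no
    FIPS/NDcPP marker; the advisory form derives it from its suffix.
    """
    text = text.strip()
    m = _ADVISORY_RE.match(text)
    if m:
        branch, a, b, suffix = m.groups()
        return branch, (int(a), int(b)), suffix is not None
    m = _SHOW_VERSION_RE.search(text)
    if m:
        branch, a, b = m.groups()
        return branch, (int(a), int(b)), fips
    raise ValueError(f"unrecognised NetScaler build string: {text!r}")


def check_cve_2025_12101(text, fips=False):
    """'vulnerable', 'fixed', or 'unknown' (branch/flavour not covered by the advisory)."""
    branch, build, is_fips = parse_build(text, fips)
    fixed = FIXED_BUILDS.get((branch, is_fips))
    if fixed is None:
        return "unknown"  # e.g. 13.0 or 12.1 non-FIPS: not listed, do not assume safe
    return "vulnerable" if build < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {
        "gw-01": "14.1-56.73",
        "gw-02": "14.1-47.46",
        "gw-03": "NetScaler NS13.1: Build 60.32.nc, Date: Jan 1 2025",
        "gw-04": "13.1-37.207-FIPS",
        "gw-05": "13.0-92.21",
    }
    for host, ver in inventory.items():
        print(f"{host}: {ver} -> {check_cve_2025_12101(ver)}")
```

Builds on branches the advisory does not list are reported as "unknown" rather than "fixed", so they still need a manual check against the vendor article.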

This vulnerability poses a moderate risk, particularly for organizations that expose Citrix NetScaler devices to the internet or rely on them for VPN and remote access authentication.

RECOMMENDATION:

We recommend that you refer to the link below to apply the patches for CVE-2025-12101: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX695486

REFERENCES:

The following reports contain further technical details:

https://cybersecuritynews.com/citrix-netscaler-adc-and-gateway-vulnerability/