
Redazione RHC : 12 November 2025 10:18
NetScaler and Citrix released security bulletin CTX695486 on November 11, 2025, regarding the CVE-2025-12101 vulnerability, which affects the NetScaler ADC and NetScaler Gateway products. The vulnerability is rated "Medium" and affects specific configuration scenarios of systems used for remote access and authentication.
The identified issue is a Cross-Site Scripting (XSS) vulnerability, classified as CWE-79, that occurs when the NetScaler appliance is configured as a "Gateway" (for example, VPN Virtual Server, ICA Proxy, CVPN or RDP Proxy) or as an AAA (Authentication, Authorisation, Accounting) virtual server.
Under these conditions, an attacker could inject malicious code into web pages generated by the device, compromising the security of user sessions or stealing sensitive information.
| CVE-ID | Description | Preconditions | CWE | CVSSv4 |
|---|---|---|---|---|
| CVE-2025-12101 | Cross-Site Scripting (XSS) | NetScaler must be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR an AAA virtual server | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.9 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L) |
The non-vulnerable versions, which fix the vulnerability, are listed below.
Additionally, releases 12.1 and 13.0 have already been declared “End of Life” (EOL) and are therefore vulnerable without further security updates. The company specified that on-premises or hybrid “Secure Private Access” deployments using NetScaler instances are also affected.
All customers are urgently advised to install the updated versions: 14.1-56.73 or later, 13.1-60.32 or later, 13.1-FIPS/NDcPP 13.1-37.250 or later, and 12.1-FIPS/NDcPP 12.1-55.333 or later. There are currently no known public exploits, but the nature of the attack—which directly targets authentication portals—makes it potentially dangerous, especially for organizations that expose these interfaces to the Internet.
To reduce risk, system administrators should check their appliance configurations for the strings "add vpn vserver ." or "add authentication vserver .", which indicate the presence of Gateway or AAA services.
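A small script that automates the configuration check above and compares the running build with the fixed builds the bulletin lists, so an administrator can tell at a glance whether an appliance meets the vulnerability's precondition and is still unpatched. This is an added example, not code from the bulletin or from NetScaler; the ns.conf fragment is constructed, and the accepted version-string formats and the `fips` flag (needed because the 13.1 and 12.1 FIPS/NDcPP branches have their own fixed builds) are assumptions.

```python
import re

# Fixed builds from bulletin CTX695486 as quoted in the article, keyed by
# (release branch, FIPS/NDcPP build). 12.1 and 13.0 (non-FIPS) are EOL.
FIXED_BUILDS = {("14.1", False): (56, 73), ("13.1", False): (60, 32),
                ("13.1", True): (37, 250), ("12.1", True): (55, 333)}
EOL_BRANCHES = {"12.1", "13.0"}
# Config commands the article names as indicating Gateway or AAA vservers.
EXPOSING_CMDS = {"add vpn vserver ": "Gateway", "add authentication vserver ": "AAA"}

def parse_version(version):
    """Accept '14.1-56.73' or 'NS14.1 56.73' (assumed formats) -> ('14.1', (56, 73))."""
    m = re.search(r"(\d+\.\d+)[-\s]+(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def is_patched(version, fips=False):
    """True at/above the fixed build, False below it or on an EOL branch,
    None when the bulletin lists no fixed build for that branch."""
    branch, build = parse_version(version)
    if branch in EOL_BRANCHES and not fips:
        return False
    fixed = FIXED_BUILDS.get((branch, fips))
    return None if fixed is None else build >= fixed

def exposed_vservers(ns_conf):
    """(name, kind) for every Gateway/AAA vserver declared in ns.conf text."""
    found = []
    for line in ns_conf.splitlines():
        line = line.strip()
        for cmd, kind in EXPOSING_CMDS.items():
            if line.startswith(cmd):
                found.append((line[len(cmd):].split()[0], kind))
    return found

def assess(version, ns_conf, fips=False):
    """'patched', 'not-exposed' (precondition unmet), 'vulnerable' or 'unknown-branch'."""
    patched = is_patched(version, fips)
    if patched:
        return "patched"
    if not exposed_vservers(ns_conf):
        return "not-exposed"  # XSS needs a Gateway/AAA vserver; still update
    return "vulnerable" if patched is False else "unknown-branch"

# Constructed sample ns.conf fragment (not taken from a real appliance).
SAMPLE_CONF = """\
add lb vserver web_lb HTTP 10.0.0.10 80
add vpn vserver corp_gw SSL 10.0.0.20 443
add authentication vserver corp_aaa SSL 10.0.0.21 443
"""
```

Run `assess("13.1-59.19", SAMPLE_CONF)` to get `vulnerable`; the same configuration on `14.1-56.73` reports `patched`.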
Critical infrastructure, government and financial sectors, which often use NetScaler for secure management of remote connections, are advised to apply the updates immediately to prevent possible XSS attacks and subsequent compromise of user sessions.