Categories: Cyber Security News

Cross-Site Scripting Vulnerability Discovered in Citrix NetScaler ADC and Gateway

Cloud Software Group has disclosed a serious cross-site scripting vulnerability affecting thousands of organizations worldwide.

CVE-2025-12101 affects NetScaler ADC and NetScaler Gateway platforms, exposing enterprises to session hijacking, credential theft, and the potential deployment of malware.

Security researchers discovered that the flaw was already being weaponized in real-world attacks targeting vulnerable configurations.

The vulnerability enables attackers to inject malicious scripts into web pages served by affected NetScaler instances.

Once successfully exploited, threat actors can execute arbitrary script code in users' browsers, creating a direct pathway into sensitive corporate environments.

Organizations relying on these appliances for authentication and secure remote access face substantial risk, particularly those managing hybrid or on-premises deployments.

Multiple NetScaler versions remain vulnerable, creating a fragmented security landscape across enterprises.

Users running NetScaler ADC and Gateway version 14.1 before build 14.1-56.73, or version 13.1 before build 13.1-60.32, should prioritize immediate patching.

FIPS-compliant deployments, including versions 13.1-FIPS and 12.1-FIPS, are equally vulnerable, though they often receive less frequent security attention due to their specialized nature.

Notably, the end-of-life versions 12.1 and 13.0 remain unpatched and unsupported, yet many organizations continue to operate these legacy systems.

This creates a compounding risk factor: no security updates will be issued for these versions, so administrators cannot patch them however diligent they are.

Secure Private Access deployments, whether cloud-based, on-premises, or hybrid, face identical exposure if running vulnerable versions.

The vulnerability is exposed when NetScaler is configured as a Gateway with a VPN, ICA Proxy, CVPN, or RDP Proxy virtual server.

Authentication servers utilizing AAA virtual servers are similarly affected. Organizations must audit their specific NetScaler deployments to determine exposure, as not all configurations trigger the vulnerability.

Cloud Software Group assigned the vulnerability a CVSSv4 score of 5.9, classified as medium severity.

However, this assessment may underestimate real-world impact given active exploitation in the wild.

The attack requires network access and user interaction, both of which are readily achievable in typical enterprise environments where employees access corporate resources remotely.

Immediate remediation requires upgrading to NetScaler ADC and Gateway version 14.1-56.73 or later, or version 13.1-60.32 or later.

FIPS-compliant customers must apply their respective patched versions. Organizations operating unsupported versions should accelerate migration plans to prevent exploitation.
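To turn the version and configuration conditions above into a repeatable inventory check, here is an added Python triage script (not part of the original article or any vendor tooling). It assumes version strings in either the short "14.1-56.73" form used on this page or the "NS14.1: Build 56.73.nc" banner form, and a per-appliance list of configured virtual-server types; the fixed builds are only those stated on this page, so FIPS branches are flagged for their vendor-specific fix rather than compared numerically.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# First fixed build per branch as stated on this page: branch -> (major, minor)
FIXED_BUILDS = {"14.1": (56, 73), "13.1": (60, 32)}
EOL_BRANCHES = {"12.1", "13.0"}    # end-of-life: no fix will ship, per the page
FIPS_BRANCHES = {"13.1", "12.1"}   # FIPS variants are affected; fixed build not given here
# Virtual-server types the page names as the exposure condition
EXPOSED_VSERVER_TYPES = {"VPN", "ICA PROXY", "CVPN", "RDP PROXY", "AAA"}
# Assumed input formats: "14.1-56.73" (as on the page) or "NS14.1: Build 56.73.nc"
_VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.I)

@dataclass
class Assessment:
    branch: str
    build: Tuple[int, int]
    vulnerable_build: Optional[bool]   # None = branch not covered by this page
    exposed_config: bool
    reason: str

    @property
    def action(self) -> str:
        if self.vulnerable_build is None:
            return "verify-with-vendor"
        if not self.vulnerable_build:
            return "patched"
        return "remediate-now" if self.exposed_config else "patch-when-possible"

def parse_version(text: str) -> Tuple[str, Tuple[int, int]]:
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def assess(version_text: str, fips: bool = False, vserver_types=()) -> Assessment:
    # Triage one appliance: is the build affected, and does its config expose the bug?
    branch, build = parse_version(version_text)
    exposed = any(v.upper() in EXPOSED_VSERVER_TYPES for v in vserver_types)
    if fips and branch in FIPS_BRANCHES:
        vuln, why = True, f"{branch}-FIPS is affected; apply the FIPS-specific fixed build"
    elif branch in EOL_BRANCHES:
        vuln, why = True, f"{branch} is end-of-life with no fix; migrate to a supported branch"
    elif branch in FIXED_BUILDS:
        fixed = FIXED_BUILDS[branch]
        vuln, why = build < fixed, f"fixed from build {branch}-{fixed[0]}.{fixed[1]}"
    else:
        vuln, why = None, f"branch {branch} is not covered by this advisory summary"
    return Assessment(branch, build, vuln, exposed, why)
```

An appliance on a vulnerable build with none of the listed virtual-server types still gets "patch-when-possible", matching the page's point that exposure depends on configuration but the build itself remains affected.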

The vulnerability was responsibly disclosed by Sina Kheirkhah of watchTowr and Dylan Pindur of Assetnote.

Cloud Software Group automatically patches managed cloud services, eliminating manual intervention for Citrix-managed customers.

| CVE ID | Vulnerability Type | CVSS Score | Affected Versions |
|---|---|---|---|
| CVE-2025-12101 | Cross-Site Scripting (XSS) | 5.9 (Medium) | NetScaler ADC/Gateway 14.1 before 14.1-56.73, 13.1 before 13.1-60.32, FIPS variants (13.1-FIPS, 12.1-FIPS), EOL versions 12.1 and 13.0 |


The post Cross-Site Scripting Vulnerability Discovered in Citrix NetScaler ADC and Gateway appeared first on Cyber Security News.
