github - ghsa-4gr3-wh64-r647

GHSA-4GR3-WH64-R647

Vulnerability from github – Published: 2025-08-26 15:31 – Updated: 2025-08-26 15:31

Details

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Severity ?

8.7 (High)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-8424"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-26T14:15:44Z",
    "severity": "HIGH"
  },
  "details": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access",
  "id": "GHSA-4gr3-wh64-r647",
  "modified": "2025-08-26T15:31:02Z",
  "published": "2025-08-26T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8424"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-8424 (GCVE-0-2025-8424)

Vulnerability from cvelistv5 – Published: 2025-08-26 13:11 – Updated: 2025-08-27 14:08

Summary

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CWE

CWE-1284 - Improper Validation of Specified Quantity in Input

Assigner

Citrix

References

URL

Tags

https://support.citrix.com/support-home/kbsearch/…

Impacted products

Vendor

Product

Version

NetScaler

ADC

Affected: 14.1 , < 47.48 (patch)
Affected: 13.1 , < 59.22 (patch)
Affected: 13.1 FIPS and NDcPP , < 37.241 (patch)
Affected: 12.1 FIPS and NDcPP , < 55.330 (patch)

NetScaler

Gateway

Affected: 14.1 , < 47.48 (patch)
Affected: 13.1 , < 59.22 (patch)
Affected: 13.1 FIPS and NDcPP , < 37.241 (patch)
Affected: 12.1 FIPS and NDcPP , < 55.330 (patch)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8424",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T03:55:15.625808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:08:11.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ADC",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "47.48",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "59.22",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "37.241",
              "status": "affected",
              "version": "13.1 FIPS and NDcPP",
              "versionType": "patch"
            },
            {
              "lessThan": "55.330",
              "status": "affected",
              "version": "12.1 FIPS and NDcPP",
              "versionType": "patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gateway",
          "vendor": "NetScaler",
          "versions": [
            {
              "lessThan": "47.48",
              "status": "affected",
              "version": "14.1",
              "versionType": "patch"
            },
            {
              "lessThan": "59.22",
              "status": "affected",
              "version": "13.1",
              "versionType": "patch"
            },
            {
              "lessThan": "37.241",
              "status": "affected",
              "version": "13.1 FIPS and NDcPP",
              "versionType": "patch"
            },
            {
              "lessThan": "55.330",
              "status": "affected",
              "version": "12.1 FIPS and NDcPP",
              "versionType": "patch"
            }
          ]
        }
      ],
      "datePublic": "2025-08-26T13:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper access control on the NetScaler Management Interface\u003c/span\u003e in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetScaler ADC\u202fand NetScaler Gateway when an attacker can get a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eccess to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Improper access control on the NetScaler Management Interface in NetScaler ADC\u202fand NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T13:11:10.822Z",
        "orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
        "shortName": "Citrix"
      },
      "references": [
        {
          "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper access control on the NetScaler Management Interface",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
    "assignerShortName": "Citrix",
    "cveId": "CVE-2025-8424",
    "datePublished": "2025-08-26T13:11:10.822Z",
    "dateReserved": "2025-07-31T15:12:42.021Z",
    "dateUpdated": "2025-08-27T14:08:11.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4GR3-WH64-R647

CVE-2025-8424 (GCVE-0-2025-8424)

Tags

Sightings

Nomenclature