CVE-2025-8424

Improper access control on the NetScaler Management Interface

Basic Information

CVE State: PUBLISHED
Reserved Date: July 31, 2025
Published Date: August 26, 2025
Last Updated: February 26, 2026
Vendor: NetScaler
Product: ADC, Gateway
Description: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

CVSS Scores

CVSS v4.0

8.7 - HIGH

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

SSVC Information

Exploitation: none
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-08-28 11:25:26 UTC) Source

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-08-28 11:25:26 UTC

Timeline

CVE ID Reserved

July 31, 2025
CVE Published to Public

August 26, 2025
Added to KEVIntel

August 28, 2025