Cross-Site Scripting Vulnerability in Citrix NetScaler ADC and Gateway
CVE-2025-12101

5.9 MEDIUM

Key Information:

Vendor

Netscaler
CVE Published:
11 November 2025

Badges

📈 Score: 451 · 💰 Ransomware · 👾 Exploit Exists · 📰 News Worthy

What is CVE-2025-12101?

CVE-2025-12101 refers to a Cross-Site Scripting (XSS) vulnerability found in Citrix NetScaler ADC and Gateway products. These solutions optimize and secure application delivery through load balancing, VPN access, and traffic management across multiple environments. When an appliance is configured as a Gateway or AAA (Authentication, Authorization, and Accounting) virtual server, this vulnerability can allow attackers to inject malicious scripts into web pages viewed by users. Successful exploitation could compromise user data, enable session hijacking, and cause actions to be performed in the victim's name, undermining the security posture of affected organizations.

Potential impact of CVE-2025-12101

  1. User Data Compromise: Attackers could exploit this vulnerability to execute scripts within the context of a user’s session, leading to the unauthorized collection of sensitive information such as login credentials or personal data.

  2. Session Hijacking: By leveraging the XSS vulnerability, attackers can take control of user sessions, allowing them to impersonate legitimate users and gain access to restricted areas or perform malicious activities without detection.

  3. Malware Distribution: The exploitation of this vulnerability can serve as a launchpad for further attacks, as malicious scripts could facilitate the delivery of malware to users, potentially leading to broader network compromises and data breaches.

Affected Version(s)

ADC 14.1 < 56.73

ADC 13.1 < 60.32

ADC 13.1-FIPS and NDcPP < 37.250

News Articles

ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories

Global cyber roundup: new AI bug bounties, malware threats, GDPR backlash, Cisco zero-days, data leaks, and rising attacks on key infrastructure.

3 weeks ago

Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)

There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together and see where they might

3 weeks ago

NetScaler ADC and Gateway Vulnerable: Urgent Updates to Prevent XSS Attacks

NetScaler has issued a security bulletin for an XSS vulnerability affecting its NetScaler ADC and NetScaler Gateway products. Urgent updates are recommended.

4 weeks ago

References

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by Red Hot Cyber

  • Vulnerability published

  • Vulnerability Reserved
