Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-12101 — Cross-site Scripting in ADC

CWE-79 — Cross-site Scripting143 documents5 sources

Severity

5.9MEDIUMNVD

EPSS

2.0%

top 16.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netscaler ADC Netscaler Gateway Citrix ADM +6 more

Timeline

PublishedNov 11

Latest updateNov 12

Description

Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages9 packages

▶CVEListV5netscaler/gateway14.1 — 56.73+3

▶citrixcitrix/netscaler_gateway

▶CVEListV5netscaler/adc14.1 — 56.73+3

▶citrixcitrix/xenserver

▶citrixcitrix/netscaler_adc

🔴Vulnerability Details

GHSA

GHSA-jcjw-279r-m433: Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN,↗2025-11-11

▶

💥Exploits & PoCs

Nuclei

Citrix NetScaler ADC & Gateway - Reflected XSS / Open Redirect

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Citrix Netscaler SAML RelayState Reflected Cross-Site Scripting (CVE-2025-12101)↗2025-11-12

▶

📋Vendor Advisories

139

Citrix

Citrix Security Bulletin CTX111827↗

▶

Citrix

Citrix Security Bulletin CTX116310↗

▶

Citrix

Citrix Security Bulletin CTX108354↗

▶

Citrix

Citrix Security Bulletin CTX677093↗

▶

Citrix

Citrix Security Bulletin CTX107705↗

▶