CVE-2025-8424 — Improper Validation of Specified Quantity in Input in ADC

CWE-1284 — Improper Validation of Specified Quantity in Input9 documents6 sources

Severity

8.7HIGHNVD

EPSS

0.3%

top 46.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netscaler ADC Netscaler Gateway

Timeline

PublishedAug 26

Latest updateAug 27

Description

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages2 packages

▶CVEListV5netscaler/gateway14.1 — 47.48+3

▶CVEListV5netscaler/adc14.1 — 47.48+3

🔴Vulnerability Details

GHSA

GHSA-4gr3-wh64-r647: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance↗2025-08-26

▶

🕵️Threat Intelligence

Bleepingcomputer

Over 28,000 Citrix devices vulnerable to new exploited RCE flaw↗2025-08-27

▶

Bleepingcomputer

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks↗2025-08-26

▶

Tenable

CVE-2025-7775 Citrix RCE Zero-day↗2025-08-26

▶

Recorded Future

August 2025 CVE Landscape↗

▶

Wiz

CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶