cbcvebase.
CVE-2025-8424
published 2025-08-26

CVE-2025-8424: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP…

Priority: P3 · 53 · high · 8.7 (CVSS 4.0)
CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L (all threat, environmental and supplemental metrics: X)
EPSS: 2.72% (84.2th percentile)
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netscaler | adc | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | adc | >= 13.1 < 59.22 | 59.22 |
| netscaler | adc | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | adc | >= 14.1 < 47.48 | 47.48 |
| netscaler | gateway | >= 12.1 FIPS and NDcPP < 55.330 | 55.330 |
| netscaler | gateway | >= 13.1 < 59.22 | 59.22 |
| netscaler | gateway | >= 13.1 FIPS and NDcPP < 37.241 | 37.241 |
| netscaler | gateway | >= 14.1 < 47.48 | 47.48 |