By Divya
Publication Date: 2025-11-13 05:41:00
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms.
The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services.

| Field | Value |
|---|---|
| CVE ID | CVE-2025-12101 |
| Vulnerability Type | Cross-Site Scripting (XSS) |
| CWE Classification | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| CVSS v4.0 Score | 5.9 (Medium) |

Vulnerability Overview
The vulnerability enables attackers to inject malicious scripts into web pages served by affected NetScaler instances.
If successfully exploited, the flaw could allow threat actors to execute arbitrary code in users’ browsers, potentially leading to session hijacking, credential theft, or malware distribution.
The attack requires specific configurations and user interaction to succeed, limiting its immediate threat.
The vulnerability impacts multiple…