By Guru Baran
Publication Date: 2025-11-12 17:01:00
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway products.
Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, or unauthorized actions.
The vulnerability carries a moderate CVSSv4 score of 5.9, reflecting that it is reachable over the network but relies on user interaction.
NetScaler ADC, formerly Citrix ADC, and NetScaler Gateway serve as critical application delivery controllers and secure remote access solutions for thousands of organizations worldwide.
They handle VPN connections, load balancing, and authentication, making them prime targets for threat actors. This XSS issue stems from improper neutralization of input during web page generation, a weakness classified under CWE-79.
Citrix NetScaler ADC and Gateway Vulnerability
Exploitation requires specific…