Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Gateway

Source -

CNA

CNA CVEs -

7

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2025-8424
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 13:11
Updated-26 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control on the NetScaler Management Interface

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-ADCGateway
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-7776
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 13:03
Updated-26 Aug, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-ADCGateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-7775
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.2||CRITICAL
EPSS-Not Assigned
Published-26 Aug, 2025 | 12:56
Updated-26 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-ADCGateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-6543
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.2||CRITICAL
EPSS-4.51% / 88.68%
||
7 Day CHG+0.30%
Published-25 Jun, 2025 | 12:49
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-21||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Memory overflow vulnerability leading to unintended control flow and Denial of Service

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)Citrix (Cloud Software Group, Inc.)
Product-netscaler_gatewaynetscaler_application_delivery_controllerADCGatewayNetScaler ADC and Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-5777
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.3||CRITICAL
EPSS-47.84% / 97.63%
||
7 Day CHG-4.91%
Published-17 Jun, 2025 | 12:29
Updated-14 Aug, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-11||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)Citrix (Cloud Software Group, Inc.)
Product-netscaler_gatewaynetscaler_application_delivery_controllerADCGatewayNetScaler ADC and Gateway
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-52528
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:21
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Auth Token can be passed dummy or wrong the middleware response is 200 OK

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens, which allows attackers to bypass intended restrictions. This vulnerability is fixed in 1.5.2.

Action-Not Available
Vendor-BudgetControlbudgetcontrol
Product-Gatewaygateway
CWE ID-CWE-285
Improper Authorization
CVE-2023-1580
Assigner-Devolutions Inc.
ShareView Details
Assigner-Devolutions Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.43%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 17:49
Updated-25 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable.

Action-Not Available
Vendor-Devolutions
Product-devolutions_gatewayGateway
CWE ID-CWE-400
Uncontrolled Resource Consumption