Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

NetScaler (Cloud Software Group, Inc.)

BOS ID

-
BOSS-VENDOR-76970

Tags

-
N/A

Related Bos

-
Cloud Software Group, Inc.

Note

-

https://www.netscaler.com/ https://www.cloud.com/legal

Mapped CVEsMapped VendorsRelated AssignersReports
14Vulnerabilities found
CVE-2025-8424
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.7||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 13:11
Updated-26 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper access control on the NetScaler Management Interface

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-ADCGateway
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-7776
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 13:03
Updated-26 Aug, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-ADCGateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-7775
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.2||CRITICAL
EPSS-Not Assigned
Published-26 Aug, 2025 | 12:56
Updated-26 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service

Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-ADCGateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-6543
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.2||CRITICAL
EPSS-4.51% / 88.68%
||
7 Day CHG+0.30%
Published-25 Jun, 2025 | 12:49
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-21||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Memory overflow vulnerability leading to unintended control flow and Denial of Service

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)Citrix (Cloud Software Group, Inc.)
Product-netscaler_gatewaynetscaler_application_delivery_controllerADCGatewayNetScaler ADC and Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-4365
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 31.50%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 12:38
Updated-06 Aug, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read

Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_consolenetscaler_sdxSDX (SVM)Console
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-5349
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.7||HIGH
EPSS-0.06% / 18.66%
||
7 Day CHG+0.01%
Published-17 Jun, 2025 | 12:32
Updated-06 Aug, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_gatewaynetscaler_application_delivery_controllerADC
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-5777
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.3||CRITICAL
EPSS-47.84% / 97.63%
||
7 Day CHG-4.91%
Published-17 Jun, 2025 | 12:29
Updated-14 Aug, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-07-11||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread

Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)Citrix (Cloud Software Group, Inc.)
Product-netscaler_gatewaynetscaler_application_delivery_controllerADCGatewayNetScaler ADC and Gateway
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-12284
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.85%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 23:30
Updated-21 Feb, 2025 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated privilege escalation

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-AgentConsole
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-8535
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 48.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:28
Updated-21 Nov, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated user can access unintended user capabilities

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-NetScaler ADCNetScaler Gatewaygatewayadc
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2024-8534
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-8.4||HIGH
EPSS-0.44% / 62.43%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:15
Updated-21 Nov, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety vulnerability leading to memory corruption and Denial of Service

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-NetScaler ADCNetScaler Gatewaynetscaler-adc_12.1-fipsnetscaler-adc_13.1-fipsadcgatewaynetscaler-adc_12.1-ndcpp
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-6236
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.50% / 64.87%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 20:18
Updated-06 Jun, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_agentnetscaler_sdxnetscaler_consoleNetScaler ConsoleAgentSDXsdxnetscaler_consoleagent
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-6235
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-9.4||CRITICAL
EPSS-85.78% / 99.33%
||
7 Day CHG+1.73%
Published-10 Jul, 2024 | 19:07
Updated-14 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive information disclosure

Sensitive information disclosure in NetScaler Console

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-netscaler_consoleNetScaler Consolenetscaler_console
CWE ID-CWE-287
Improper Authentication
CVE-2024-5492
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.64% / 69.52%
||
7 Day CHG-0.74%
Published-10 Jul, 2024 | 19:04
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)NetScaler (Cloud Software Group, Inc.)
Product-NetScaler ADCnetscaler_application_delivery_controllernetscaler_gateway
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-5491
Assigner-Citrix Systems, Inc.
ShareView Details
Assigner-Citrix Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-0.59% / 68.07%
||
7 Day CHG+0.20%
Published-10 Jul, 2024 | 18:56
Updated-01 Nov, 2024 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

Action-Not Available
Vendor-NetScaler (Cloud Software Group, Inc.)
Product-NetScaler ADCNetScaler Gateway