CVE-2025-12101
Published Nov 11, 2025
Last updated 5 days ago
AI description
CVE-2025-12101 is a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. It enables attackers to inject malicious scripts into web pages served by affected NetScaler instances. If successfully exploited, this flaw could allow threat actors to execute arbitrary script in users' browsers, potentially leading to session hijacking, credential theft, or malware distribution. The vulnerability manifests when NetScaler is configured as a Gateway with specific virtual server types, including VPN, ICA Proxy, CVPN, or RDP Proxy, or when using AAA virtual servers for authentication. Organizations must verify their configurations to determine exposure. The recommended fix is to update NetScaler ADC and NetScaler Gateway to the latest versions.
- Description: Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- Source: secure@citrix.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 5.9
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
- secure@citrix.com: CWE-79
- Hype score: Not currently trending
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
16 Nov 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
15 Nov 2025
764 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
14 Nov 2025
555 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
GitHub - 7amzahard/CVE-2025-21202-exploit: CVE-2025-12101 is a cross-site scripting (XSS) vulnerability impacting Citrix NetScaler ADC and Citrix NetScaler Gateway appliances when configured in certain roles (Gateway, AAA virtual server) https://t.co/IrvmXLb8qL
@akaclandestine
14 Nov 2025
800 Impressions
3 Retweets
3 Likes
4 Bookmarks
1 Reply
0 Quotes
🚨 Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks Read more: https://t.co/5cOdZ70RUj… Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijack
@HenryDamilolas
13 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks Read more: https://t.co/pAddRMohfE Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking
@The_Cyber_News
13 Nov 2025
4967 Impressions
37 Retweets
97 Likes
18 Bookmarks
2 Replies
0 Quotes
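XSS vulnerability in NetScaler products; older versions face a permanent risk. Cloud Software Group disclosed CVE-2025-12101 and warned that malicious script injection could lead to session hijacking and information leakage. EOL environments cannot be fixed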
@yousukezan
13 Nov 2025
1549 Impressions
1 Retweet
9 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-12101 - medium 🚨 Citrix NetScaler ADC & Gateway - Reflected XSS > Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance ... 👾 https://t.co/OMUsxVHq7x @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
12 Nov 2025
1100 Impressions
2 Retweets
13 Likes
6 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) https://t.co/y9o3Qkq7vQ
@endi24
12 Nov 2025
416 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/uITmxIdZp9 https://t.co/ogkI3NS2tp
@secharvesterx
12 Nov 2025
132 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin CVE-2025-12101 has a moderate severity score of 5.9. It's time to consider an upgrade. https://t.co/cGRf5SxnyU https://t.co/qiVTE3DejC
@Koetzing
11 Nov 2025
163 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12101 Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AA… https://t.co/RjyHdSFy8G
@CVEnew
11 Nov 2025
283 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-12101 https://t.co/Cu8JiEYNBo
@endi24
11 Nov 2025
417 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-12101 https://t.co/prv8ekNiX8
@rigtsec
11 Nov 2025
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes