CVE-2025-12101
Published Nov 11, 2025
Last updated 4 months ago
- Description
- Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- Source
- secure@citrix.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- secure@citrix.com
- CWE-79
- Hype score
- Not currently trending
Three reports tied to CVE-2025-12101 are now triaged on HackerOne. https://t.co/Wdg77lB1uB
@0xlipon
9 Jan 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
23 Nov 2025
557 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
22 Nov 2025
522 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - https://t.co/34AjZlZyAa
@FAMASoon
20 Nov 2025
204 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
📚 Exploiting Citrix NetScaler CVE-2025-12101 Memory leak vulnerability combined with reflected XSS in Citrix NetScaler appliances. Read: https://t.co/UDRJtdnG1l https://t.co/TH8muUGRnW
@IntCyberDigest
19 Nov 2025
1859 Impressions
1 Retweet
6 Likes
2 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
16 Nov 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
15 Nov 2025
764 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/KO3OfAhcRH
@_r_netsec
14 Nov 2025
555 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
GitHub - 7amzahard/CVE-2025-21202-exploit: CVE-2025-12101 is a cross-site scripting (XSS) vulnerability impacting Citrix NetScaler ADC and Citrix NetScaler Gateway appliances when configured in certain roles (Gateway, AAA virtual server) https://t.co/IrvmXLb8qL
@akaclandestine
14 Nov 2025
800 Impressions
3 Retweets
3 Likes
4 Bookmarks
1 Reply
0 Quotes
🚨 Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks Read more: https://t.co/5cOdZ70RUj… Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijack
@HenryDamilolas
13 Nov 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks Read more: https://t.co/pAddRMohfE Tracked as CVE-2025-12101, the flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking
@The_Cyber_News
13 Nov 2025
4967 Impressions
37 Retweets
97 Likes
18 Bookmarks
2 Replies
0 Quotes
NetScaler製品にXSS脆弱性、古いバージョンは永続的リスクに。Cloud Software GroupはCVE-2025-12101を公開し、悪意あるスクリプト注入によりセッション乗っ取りや情報漏洩の恐れがあると警告した。EOL環境では修正不能
@yousukezan
13 Nov 2025
1549 Impressions
1 Retweet
9 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-12101 - medium 🚨 Citrix NetScaler ADC & Gateway - Reflected XSS > Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance ... 👾 https://t.co/OMUsxVHq7x @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
12 Nov 2025
1100 Impressions
2 Retweets
13 Likes
6 Bookmarks
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) https://t.co/y9o3Qkq7vQ
@endi24
12 Nov 2025
416 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) - watchTowr Labs https://t.co/uITmxIdZp9 https://t.co/ogkI3NS2tp
@secharvesterx
12 Nov 2025
132 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin CVE-2025-12101 has a moderate severity score of 5.9. It's time to consider an upgrade. https://t.co/cGRf5SxnyU https://t.co/qiVTE3DejC
@Koetzing
11 Nov 2025
163 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12101 Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AA… https://t.co/RjyHdSFy8G
@CVEnew
11 Nov 2025
283 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-12101 https://t.co/Cu8JiEYNBo
@endi24
11 Nov 2025
417 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-12101 https://t.co/prv8ekNiX8
@rigtsec
11 Nov 2025
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes