CVE-2025-8424: 
Citrix ADC VPX vulnerability analysis and mitigation

CVE-2025-8424 is an improper access control vulnerability affecting NetScaler ADC and NetScaler Gateway appliances. The vulnerability was disclosed on August 26, 2025, as part of a security advisory that included three vulnerabilities. This vulnerability received a CVSSv4 score of 8.7 (High) (Hacker News).

The vulnerability stems from improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway. While no privileges are required to exploit this vulnerability, an attacker would need access to the appliance NSIP, Cluster Management IP, local GSLB Site IP, or SNIP with Management Access (Tenable).

The vulnerability could allow unauthorized access to management functions when an attacker can gain access to specific management interfaces of the appliance (NVD).

Citrix has released patches to address this vulnerability in the following versions: NetScaler ADC and NetScaler Gateway 14.1-47.48 and later releases, NetScaler ADC and NetScaler Gateway 13.1-59.22 and later releases of 13.1, NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.241 and later releases, and NetScaler ADC 12.1-FIPS and 12.1-NDcPP 12.1-55.330 and later releases (Rapid7).