vulnerability

NetScaler ADC: CVE-2025-12101: Cross-Site Scripting (XSS) vulnerability in NetScaler ADC

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Nov 11, 2025	Nov 12, 2025	Jan 12, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Nov 11, 2025

Added

Nov 12, 2025

Modified

Jan 12, 2026

Description

A Cross-Site Scripting (XSS) vulnerability affects NetScaler ADC when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. This vulnerability could allow attackers to execute malicious scripts in users' browsers.

Solution

citrix-adc-upgrade-latest

References

CVE-2025-12101
https://attackerkb.com/topics/CVE-2025-12101
URL-https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX695486
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today