Citrix NetScaler Vulnerability - 20251117001¶
Overview¶
Citrix has published a security bulletin relating to vulnerabilities discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway).
Exploitation of the vulnerability could result in Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| NetScaler ADC and NetScaler Gateway |
- 14.1 prior to 14.1-56.73 - 13.1 prior to 13.1-60.32 - NetScaler ADC 13.1-FIPS and NDcPP prior to 13.1-37.250-FIPS and NDcPP - NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.333-FIPS and NDcPP |
CVE-2025-12101 | 5.9 | Medium |
What has been observed?¶
The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):