New XSS Weaknesses Expose NetS...
Citrix
Business Honor
19 November, 2025
A new NetScaler XSS weakness lets attackers insert harmful scripts, risking private user data. Cloud Software Group urges immediate updates and configuration checks.
A new cross-site scripting (XSS) weakness affecting NetScaler ADC and NetScaler Gateway has prompted Cloud Software Group to issue a security advisory. The issue, tracked as CVE-2025-12101, can allow attackers to inject malicious scripts into web pages viewed by users, which could lead to account misuse, unauthorized activity, or the disclosure of private information. Its CVSS v4.0 score of 5.9 (Moderate) indicates that the weakness is reachable over the network but requires user interaction, so outdated or poorly maintained systems are the most likely targets.
Appliances configured as an AAA virtual server (to handle authentication) or as a gateway (VPN virtual server, ICA Proxy, CVPN, or RDP Proxy) are affected. The issue is classified as CWE-79, improper neutralization of input during web page generation, which is the weakness class behind cross-site scripting. Because NetScaler ADC and Gateway are widely used for load balancing, secure authentication, and VPN access, a flaw in these components can have serious consequences for businesses.
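To make the CWE-79 classification concrete, here is an added example (not NetScaler code and not from the advisory) that shows the weakness pattern and its hardened form side by side: a constructed error page that copies a request parameter into HTML verbatim, the same page with the value HTML-encoded first, and a small check a reviewer can run to confirm that no raw tag delimiters from the request survive into the untrusted region of the output. The page template, the `msg` parameter and the sample queries are all assumptions made for the example.

```python
import html
from urllib.parse import parse_qs

# Constructed page skeleton standing in for any login/error page; the {msg}
# slot is where untrusted request data lands. Assumed for the example.
TEMPLATE = "<html><body><p class='error'>{msg}</p></body></html>"


def message_from_query(query: str) -> str:
    """Pull the 'msg' parameter out of a raw query string ('' if absent)."""
    return parse_qs(query, keep_blank_values=True).get("msg", [""])[0]


def render_error_unsafe(query: str) -> str:
    """CWE-79 pattern: request data is copied into the HTML verbatim."""
    return TEMPLATE.format(msg=message_from_query(query))


def render_error_safe(query: str) -> str:
    """Hardened form: HTML-encode the text before it enters the markup.
    quote=True also encodes quotes, so the value is safe inside attributes."""
    return TEMPLATE.format(msg=html.escape(message_from_query(query), quote=True))


def untrusted_region(page: str) -> str:
    """Return just the part of the page that came from the request."""
    return page.split("<p class='error'>", 1)[1].split("</p>", 1)[0]


def has_raw_markup(page: str) -> bool:
    """Review check: does the untrusted region still contain tag delimiters?"""
    region = untrusted_region(page)
    return "<" in region or ">" in region


# Constructed inputs: a benign message and a textbook script-injection probe.
BENIGN_QUERY = "msg=Session+expired"
PROBE_QUERY = "msg=<script>alert(1)</script>"

if __name__ == "__main__":
    for name, render in (("unsafe", render_error_unsafe), ("safe", render_error_safe)):
        page = render(PROBE_QUERY)
        print(f"{name:6s} raw markup reflected: {has_raw_markup(page)}")
        print("       untrusted region:", untrusted_region(page))
```

The encoding step belongs at the point where the value is written into HTML, not at input time, because the same value may later be placed in a different context (attribute, JavaScript string, URL) that needs a different encoding.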
The affected versions are NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-56.73, 13.1 prior to 13.1-60.32, 13.1-FIPS/NDcPP prior to 13.1-37.250-FIPS/NDcPP, and 12.1-FIPS/NDcPP prior to 12.1-55.333-FIPS/NDcPP. Customers running versions 12.1 and 13.0 remain exposed until they upgrade, because those versions are nearing the end of their support life. Cloud Software Group recommends that administrators review Gateway and authentication settings, apply the latest updates immediately, and ensure that all Secure Private Access components are on supported versions, particularly in hybrid or on-premises deployments.
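Checking an appliance inventory against the fixed builds above is the first step of the recommended review. The following is an added example, not a Cloud Software Group tool: it parses the version line an administrator would copy from an appliance, compares the build number against the fixed builds listed in this article, and flags end-of-life trains separately. The version-line format (`NetScaler NS14.1: Build 56.73.nc, ...`) and the sample inventory are assumptions made for the example; whether an appliance runs a FIPS/NDcPP build is supplied by the caller, since that is not reliably derivable from the line itself.

```python
import re

# Minimum fixed builds per release train, taken from the article.
# Keys are (release, fips); values are (major, minor) build numbers.
FIXED_BUILDS = {
    ("14.1", False): (56, 73),
    ("13.1", False): (60, 32),
    ("13.1", True): (37, 250),
    ("12.1", True): (55, 333),
}
# Non-FIPS trains the article describes as end of life (no fixed build listed).
END_OF_LIFE = {"12.1", "13.0"}

# Assumed shape of the appliance version line (constructed for this example):
#   "NetScaler NS14.1: Build 56.73.nc, Date: ..."
VERSION_RE = re.compile(
    r"NetScaler NS(?P<release>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_ns_version(line: str):
    """Return (release, (major, minor)) from a version line, or raise ValueError."""
    m = VERSION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised version line: {line!r}")
    return m.group("release"), (int(m.group("major")), int(m.group("minor")))


def assess(release: str, build: tuple, fips: bool = False) -> str:
    """Classify one appliance as fixed, vulnerable, end-of-life or unknown."""
    key = (release, fips)
    if key in FIXED_BUILDS:
        # Tuple comparison orders (56, 73) < (56, 74) < (57, 0) as builds do.
        return "fixed" if build >= FIXED_BUILDS[key] else "vulnerable"
    if release in END_OF_LIFE:
        return "end-of-life"
    return "unknown"  # e.g. a train/FIPS combination the article does not list


def assess_version_line(line: str, fips: bool = False) -> str:
    release, build = parse_ns_version(line)
    return assess(release, build, fips)


# Constructed inventory: (hostname, version line, fips build?)
INVENTORY = [
    ("gw-eu-1", "NetScaler NS14.1: Build 56.73.nc, Date: Oct 1 2025", False),
    ("gw-eu-2", "NetScaler NS14.1: Build 53.10.nc, Date: Mar 1 2025", False),
    ("gw-us-1", "NetScaler NS13.1: Build 37.250.nc, Date: Sep 1 2025", True),
    ("gw-lab-1", "NetScaler NS13.0: Build 91.13.nc, Date: Jan 1 2024", False),
]

if __name__ == "__main__":
    for host, line, fips in INVENTORY:
        print(f"{host:9s} {assess_version_line(line, fips)}")
```

Treat "end-of-life" as an action item rather than a pass: the article's point is that those trains only stop being exposed once they are upgraded to a supported release.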
Although no active exploitation has been reported, the weakness combined with the number of older systems still in operation raises the risk of attack. The alert applies only to customer-managed appliances, since cloud-based services and Adaptive Authentication are updated automatically. CVE-2025-12101 underlines the need for more proactive protection as businesses increasingly depend on identity-based security.