What is CVE-2025-8424?

CVE-2025-8424 is a vulnerability in Netscaler Adc, classified under Improper Validation of Specified Quantity in Input. Published 2025-08-26.

Is CVE-2025-8424 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Netscaler Adc

CVE-2025-8424

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

EPSS: 0.004 (59.7th percentile) — read the EPSS interpretation.

Affected products

Netscaler Adc — versions 14.1, 13.1, 13.1 FIPS and NDcPP
Netscaler Gateway — versions 14.1, 13.1, 13.1 FIPS and NDcPP

Weakness classification (CWE)

CWE-1284 — Improper Validation of Specified Quantity in Input

Public proof-of-concept exploits

References

support.citrix.com/support-home/kbsearch/article

Frequently asked questions

What is CVE-2025-8424?: CVE-2025-8424 is a vulnerability in Netscaler Adc, classified under Improper Validation of Specified Quantity in Input. Published 2025-08-26.
Is CVE-2025-8424 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.