Cloud Software Group disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway, tracked as CVE-2025-12101. The flaw allows attackers to inject malicious scripts into web pages viewed by users, which can lead to session hijacking, data theft, or unauthorized actions performed in the victim's session. It carries a moderate CVSSv4 score of 5.9: the flaw is reachable over the network but requires user interaction to exploit. Exploitation also depends on specific configurations, namely NetScaler deployments that provide secure remote access and VPN connections.
Affected versions include all 14.1 builds prior to 14.1-56.73, all 13.1 builds prior to 13.1-60.32, and several FIPS/NDcPP variants. Importantly, versions 12.1 and 13.0 are no longer supported, so deployments on those branches remain vulnerable with no patch available. Cloud Software Group urges organizations to upgrade to the patched releases and to inspect their configurations to assess exposure to this vulnerability. Although no active exploitation has been reported, the ease with which the flaw can be addressed may attract opportunistic attackers. This disclosure highlights the need for ongoing vigilance in managing security postures amid evolving threat landscapes.
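A small triage helper for the version check described above. It is an added example, not code from Cloud Software Group or the original article; it assumes you already have the appliance's version string (either the short "14.1-56.73" form or the "NetScaler NS14.1: Build 56.73.nc" shape of `show ns version` output, which is an assumption here), and the FIPS/NDcPP fixed builds are not on the page, so those variants are reported as unknown rather than guessed.

```python
import re

# Fixed builds per branch, exactly as stated in the advisory summary above.
# FIPS/NDcPP build numbers are not given on the page and are deliberately omitted.
FIXED_BUILDS = {
    "14.1": (56, 73),
    "13.1": (60, 32),
}
# Branches the page reports as unsupported: no fix will ship for these.
END_OF_LIFE = {"12.1", "13.0"}

# Accepts "14.1-56.73" and "NetScaler NS14.1: Build 56.73.nc"
# (the latter is the assumed shape of `show ns version` output).
VERSION_RE = re.compile(r"(?:NS)?(\d+\.\d+)(?:-|: Build )(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, (build_major, build_minor)), or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(text):
    """Classify a NetScaler version string against the CVE-2025-12101 fixed builds."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    branch, build = parsed
    if branch in END_OF_LIFE:
        return "end-of-life"   # vulnerable and unpatchable: plan a migration
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "unknown"       # branch not covered by the page (e.g. FIPS/NDcPP builds)
    return "patched" if build >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory; replace with real `show ns version` output.
    for line in ["NetScaler NS14.1: Build 56.72.nc", "13.1-60.32", "12.1-55.300"]:
        print(f"{line:40} -> {assess(line)}")
```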
👉 Read the original: Cyber Security News