Medium severity · NVD Advisory · Published Nov 11, 2025 · Updated Apr 15, 2026
CVE-2025-12101
Description
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
News mentions
- CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451) · watchTowr Labs · Jun 30, 2026
- Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) · watchTowr Labs · Nov 12, 2025