CVE-2025-8424
High
Published: 26 August 2025
Published
26 August 2025
Modified
15 April 2026
KEV Added
—
Patch
—
CVSS Score v4
8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score
0.0038
59.8th percentile
Risk Priority
18
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2025-8424 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Citrix (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, ranked in the top 40.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25868
Vulnerability details
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Citrix
—
inferred from references and description; NVD did not file a CPE for this CVE
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.