8.8 CVE-2025-5349

 

Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
https://nvd.nist.gov/vuln/detail/CVE-2025-5349

Categories

CWE-1284 : Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).

Lack of validation of length field leads to infinite loop.

Lack of validation of string length fields allows memory consumption or buffer over-read.

CWE-NVD-Other

References


 

CPE

cpe | start | end
Configuration 1
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | >= 12.1 | < 12.1-55.328
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* | >= 13.1 | < 13.1-37.235
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:* | >= 13.1 | < 13.1-37.235
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | >= 13.1 | < 13.1-58.32
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:* | >= 14.1 | < 14.1-43.56
cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | >= 13.1 | < 13.1-58.32
cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:* | >= 14.1 | < 14.1-43.56


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry