← back
CVE-2025-4365

NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read

CVSS 6.9 MEDIUMEPSS 7.0%CWE-1284
In short

A vulnerability in NetScaler Console and NetScaler SDX allows attackers to read any file on the system without proper authorization. This could expose sensitive configuration files, credentials, and other confidential data.

Technical detail

CWE-1284 (Improper Validation of Specified Quantity in Input) enables arbitrary file read via insufficient input validation in NetScaler Console and SDX (SVM). The attack requires network access to the affected service; successful exploitation exposes sensitive files and system information accessible to the application context.

Summary generated and translated by AI from the official description.
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
NetScaler · ConsoleNetScaler · SDX (SVM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694729