Error type:
CWE-302: Authentication Bypass by Assumed-Immutable Data
Vulnerability vector:
Base vulnerability score (CVSSv4.0): AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 8.8 (high)
Description:
The discovered vulnerability in NetScaler ADC allows an attacker to bypass the authentication procedure. Affected products:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-43.56
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-58.32
- NetScaler ADC 13.1-FIPS and NDcPP before 13.1-37.235-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS before 12.1-55.328-FIPS
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 17.06.2025
Recommendations:
Update to one of the following versions or later:
- NetScaler ADC and NetScaler Gateway 14.1-43.56 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-58.32 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.235 and later releases of 13.1-FIPS and 13.1-NDcPP
- NetScaler ADC 12.1-FIPS 12.1-55.328 and later releases of 12.1-FIPS
Additional information: Security advisory
Identifiers:
CVE-2025-5349
BDU:2025-09318
Vendor:
Cloud Software Group, Inc.
Vulnerable product:
NetScaler ADC