- 252/2025
- High
Citrix has released security updates to address several vulnerabilities across multiple Citrix products.
The addressed vulnerability could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, or gain elevated privileges to the affected system.
Sample of the addressed vulnerabilities:
Citrix XenSource Xen Privilege Escalation Vulnerability (CVE-2025-58147):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
The affected products:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-56.73.
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-60.32.
- NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.250-FIPS and NDcPP.
- NetScaler ADC 12.1-FIPS and NDcPP BEFORE 12.1-55.333-FIPS and NDcPP.
- Citrix XenServer 8.4.
Vulnerabilities
- CVE-2025-27466
- CVE-2025-58142
- CVE-2025-58143
- CVE-2025-58146
- CVE-2025-58147
- CVE-2025-58148
- CVE-2025-12101
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.