# CVE-2025-12101 Scanner
[](https://www.python.org/downloads/)
[](LICENSE)
Multi-threaded vulnerability scanner for **CVE-2025-12101** - Citrix NetScaler XSS via SAML RelayState.
## 🎯 Overview
CVE-2025-12101 is a reflected XSS vulnerability in Citrix NetScaler ADC and Gateway products affecting the `/cgi/logout` endpoint through the `RelayState` parameter.
**CVSS Score:** 5.9 (Medium)
## ✨ Features
- ✅ Single host (`-u`) or multiple hosts (`-f`) scanning
- ✅ Multi-threaded scanning (1-100 threads)
- ✅ Unique payload verification (zero false positives)
- ✅ Dual protocol testing (HTTP + HTTPS)
- ✅ Real-time progress bar
- ✅ CSV output with detailed results
- ✅ Proxy support (Burp Suite, OWASP ZAP)
## 🔧 Installation
```bash
# Clone repository
git clone https://github.com/boneys/CVE-2025-12101-Scanner.git
cd CVE-2025-12101-Scanner
# Install dependencies
pip3 install -r requirements.txt
```
## 🚀 Usage
```bash
# Scan single host
python3 CVE_2025-12101.py -u https://netscaler.example.com
# Scan from file
python3 CVE_2025-12101.py -f targets.txt -t 20
# Test both HTTP and HTTPS
python3 CVE_2025-12101.py -f targets.txt --both-protocols
# Scan through proxy
python3 CVE_2025-12101.py -u example.com --proxy http://127.0.0.1:8080
* If script shows timeout but is accessible via browser, use the proxy.
```
### Arguments
```
Required (one of):
-u, --url URL Single target URL
-f, --file FILE File with target URLs (one per line)
Optional:
-t, --threads THREADS Number of threads (default: 10)
-o, --output OUTPUT Output CSV file (default: cve-2025-12101_results.csv)
--timeout TIMEOUT Request timeout in seconds (default: 10)
--both-protocols Test both HTTP and HTTPS
--proxy PROXY Proxy URL (e.g., http://127.0.0.1:8080)
```
## 📊 Example Output
```
[████████████████████----------] 68.5% | Total: 137/200 |
Vulnerable: 3 | Not Vulnerable: 130 | Errors: 4
[!] VULNERABLE: https://netscaler1.example.com | Marker: XSSTEST7f3a9b2c
[+] Results saved to: cve-2025-12101_results.csv
```
## 🛡️ Vulnerability Details
**Affected Versions:**
- NetScaler ADC and Gateway 14.1 before 14.1-56.73
- NetScaler ADC and Gateway 13.1 before 13.1-60.32
- NetScaler ADC 13.1-FIPS before 13.1-37.250
- NetScaler ADC 12.1-FIPS before 12.1-55.333
**Affected Configurations:**
- Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)
- AAA virtual server
## ⚠️ Legal Disclaimer
**FOR AUTHORIZED SECURITY TESTING ONLY**
This tool is provided for educational and authorized security testing purposes only. Only use on systems you own or have explicit written permission to test.
### Authorized Use:
✅ Security professionals with written authorization
✅ Testing your own systems/infrastructure
✅ Bug bounty programs (within scope)
✅ Red team exercises with proper agreements
### Prohibited Use:
❌ Unauthorized scanning of third-party systems
❌ Malicious attacks or exploitation
❌ Any illegal activities
**The author assumes no liability for misuse.**
## 📚 References
- [CVE Details](https://nvd.nist.gov/vuln/detail/CVE-2025-12101)
- [Citrix Security Bulletin](https://support.citrix.com/external/article/CTX695486/netscaler-adc-and-netscaler-gateway-secu.html)
- [watchTowr Labs Research](https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/)
## 🙏 Credits
- watchTowr Labs (Sina Kheirkhah)
## 📄 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
---
⭐ If this tool helped you, please consider giving it a star!
[4.0K] /data/pocs/5602112007a9ff94d65a7db4677ff220b43b6053
├── [ 19K] CVE_2025-12101.py
├── [1.0K] LICENSE
├── [3.8K] README.md
└── [ 32] requirements.txt
1 directory, 4 files