Buxuqua

**Name of the Vulnerable Software and Affected Versions** Citrix NetScaler VPX versions prior to NS12.0 53.13.nc **Description** The issue is related to insufficient validation of incoming requests in Citrix NetScaler, allowing a remote attacker with webapp privileges to exploit the vulnerability. This can lead to access to the nsroot account and execution of arbitrary commands with root privileges via Server-Side Request Forgery (SSRF) attacks using the "/rapi/read url" API endpoint. **Recommendations** For Citrix NetScaler VPX versions prior to NS12.0 53.13.nc, consider restricting access to the /rapi/read url URI to prevent SSRF attacks until a patch is available. As a temporary workaround, limit the privileges of webapp accounts to minimize the risk of exploitation.