CVE-2025-59968

High CVSS: 7.7

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface.

Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls.

This issue affects Junos Space Security Director
* all versions prior to 24.1R3 Patch V4

This issue does not affect managed cSRX Series devices.

Vendor

Juniper

Product

Space Security Director

CWE

CWE-862

Yayın Tarihi

2025-10-09 16:15:46

Güncelleme

2026-01-23 19:59:41

Source Identifier

sirt@juniper.net

KEV Date Added

Kategoriler

CWE-862 Space Security Director HIGH Juniper 2025

Referanslar

https://supportportal.juniper.net/JSA103157 https://www.juniper.net/documentation/us/en/software/nm-apps24.1/junos-space-security-director/topics/task/junos-space-metadata-creating.html

Benzer Kayıtlar

Critical

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juni…

High

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allo…

High

CVE-2026-21920

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthent…

High

CVE-2026-21921

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows…

High

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS E…

Medium

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statist…