CVE-2025-59976

High CVSS: 7.1

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

Vendor

Juniper

Product

Junos Space

CWE

CWE-552

Yayın Tarihi

2025-10-09 16:15:47

Güncelleme

2026-01-23 19:45:09

Source Identifier

sirt@juniper.net

KEV Date Added

Kategoriler

CWE-552 Junos Space HIGH Juniper 2025

Referanslar

https://supportportal.juniper.net/JSA103170

Benzer Kayıtlar

Critical

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juni…

High

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allo…

High

CVE-2026-21920

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthent…

High

CVE-2026-21921

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows…

High

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS E…

Medium

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statist…