CVE-2025-6549

Medium CVSS: 6.9

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the

Juniper Web Device Manager

(J-Web).

When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces.
This issue affects Junos OS:

* all versions before 21.4R3-S9,
* 22.2 versions before 22.2R3-S5,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2.

Vendor

Juniper

Product

Junos

CWE

CWE-863

Yayın Tarihi

2025-07-11 16:15:26

Güncelleme

2026-01-23 18:18:21

Source Identifier

sirt@juniper.net

KEV Date Added

Kategoriler

CWE-863 Junos MEDIUM Juniper 2025

Referanslar

https://supportportal.juniper.net/JSA100098

Benzer Kayıtlar

Critical

CVE-2026-21902

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juni…

High

CVE-2026-21918

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allo…

High

CVE-2026-21920

An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthent…

High

CVE-2026-21921

A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows…

High

CVE-2026-21911

An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS E…

Medium

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statist…