CVE-2025-52950
published 2025-07-11


Priority P260 · critical · 9.6 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:C / C:N / I:H / A:H
EPSS: 0.37% (29.1th percentile)
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices. This issue affects Security Director version 24.4.1.

Affected

2 ranges
Vendor           | Product                   | Version range | Fixed in
juniper          | security_director         |               |
juniper_networks | juniper_security_director |               |

Detection & IOCs (extracted from sources)

  • Multiple web interface endpoints on Juniper Security Director do not validate authorization, allowing unauthenticated network-based access to sensitive resources
  • Vulnerability is confirmed only in Security Director version 24.4.1; scope limited to this specific release
  • Exploitation requires no authentication and is network-based via the web interface, meaning no credentials or prior access are needed; downstream managed devices may be impacted as a secondary effect

CVSS provenance

nvd | v3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
nvd | v4.0 | 6.4 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X