CVE-2025-59968

CWE-862 — Missing Authorization4 documents4 sources

Severity

7.7HIGH

EPSS

0.0%

top 87.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos Space Security Director Juniper Space Security Director Juniper Networks Junos OS

Timeline

PublishedOct 9

Description

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not aff…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_space_security_director< 24.1R3 Patch V4

▶NVDjuniper/space_security_director< 24.1+1

▶CVEListV5juniper_networks/junos_os0

🔴Vulnerability Details

GHSA

GHSA-wh8m-vpwg-c7rq: A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read o↗2025-10-09

▶

CVEList

Junos Space Security Director: Insufficient authorization for sensitive resources in web interface↗2025-10-09

▶

📋Vendor Advisories

Juniper

CVE-2025-59968: A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read o↗2025-10-09

▶