CVE-2025-6549: Incorrect Authorization in Networks Junos OS

Severity: 6.9 MEDIUM (NVD)
EPSS: 0.1% (top 81.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11

Description

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: * all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 version

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages: 2 packages

CVEListV5: juniper_networks/junos_os 22.2, 22.2R3-S5 (+5)
NVD: juniper/junos < 21.4 (+6)

Vulnerability Details (2)

CVEList: Junos OS: SRX Series: J-Web can be exposed on additional interfaces (2025-07-11)
GHSA: GHSA-j7m5-q9g3-5q68: An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacke (2025-07-11)

Vendor Advisories (1)

Juniper: CVE-2025-6549: An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacke (2025-07-11)
CVE-2025-6549 — Incorrect Authorization | cvebase