CVE-2025-11198HIGHCVSS 8.5fixed in 23.1R1 Hotpatch v32025-10-09
CVE-2025-11198 [HIGH] CWE-306 CVE-2025-11198: A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director P
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.
If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX
nvd