CVE-2025-59968 - Vulnerability Details

CVE-2025-59968 - Junos Space Security Director: Insufficient authorization for sensitive resources in web interface

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Juniper	Junos Junos Space Space Security Director Srx1500 Srx1600 Srx2300 Srx300 Srx320 Srx340 Srx345 Srx380 Srx4100 Srx4120 Srx4200 Srx4300 Srx4600 Srx4700 Srx5400 Srx5600 Srx5800 Vsrx

Configuration 1 [-]

AND

OR	cpe:2.3:a:juniper:space_security_director::::::::
	cpe:2.3:a:juniper:space_security_director:24.1:r1::::::
	cpe:2.3:a:juniper:space_security_director:24.1:r2::::::
	cpe:2.3:a:juniper:space_security_director:24.1:r3::::::

OR	cpe:2.3:a:juniper:vsrx:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4120:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA103157
https://www.juniper.net/documentation/us/en/software/nm-apps24.1/junos-space-security-director/topics/task/junos-space-metadata-creating.html

History

Fri, 23 Jan 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800 Juniper vsrx
Weaknesses		CWE-862
CPEs		cpe:2.3:a:juniper:space_security_director:::::::: cpe:2.3:a:juniper:space_security_director:24.1:r1:::::: cpe:2.3:a:juniper:space_security_director:24.1:r2:::::: cpe:2.3:a:juniper:space_security_director:24.1:r3:::::: cpe:2.3:a:juniper:vsrx:-:::::::* cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:h:juniper:srx4120:-:::::::* cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::*
Vendors & Products		Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800 Juniper vsrx

Fri, 10 Oct 2025 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Juniper junos Space Juniper space Security Director
Vendors & Products		Juniper Juniper junos Juniper junos Space Juniper space Security Director

Thu, 09 Oct 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 09 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices.
Title		Junos Space Security Director: Insufficient authorization for sensitive resources in web interface
References		https://supportportal.juniper.net/JSA103157 https://www.juniper.net/documentation/us/en/software/nm-apps24.1/junos-space-security-director/topics/task/junos-space-metadata-creating.html
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N'}` cvssV4_0 `{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/AU:Y/R:A/V:C/RE:M/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2025-10-09T15:48:08.091Z

Updated: 2025-10-09T16:03:31.610Z

Reserved: 2025-09-23T18:19:06.955Z

Link: CVE-2025-59968

Vulnrichment

Updated: 2025-10-09T16:03:16.938Z

NVD

Status : Analyzed

Published: 2025-10-09T16:15:46.837

Modified: 2026-01-23T19:59:41.223

Link: CVE-2025-59968

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact High

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object