CVE-2025-59976 | THREATINT

Description

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

PUBLISHED Reserved 2025-09-23 | Published 2025-10-09 | Updated 2025-10-09 | Assigner juniper

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status

unaffected

Any version before 24.1R3

affected

Credits

Juniper SIRT would like to acknowledge and thank Arnoldas Radisauskas and Jorge Escabias from NATO Cyber Security Center for responsibly reporting this vulnerability. finder

References

supportportal.juniper.net/JSA103170 vendor-advisory

cve.org (CVE-2025-59976)

nvd.nist.gov (CVE-2025-59976)

Download JSON