Home

Description

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory. This issue affects Junos OS:  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2.

PUBLISHED Reserved 2025-09-23 | Published 2025-10-09 | Updated 2025-10-10 | Assigner juniper




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M

Problem types

CWE-305 Authentication Bypass by Primary Weakness

Product status

Default status
unaffected

Any version before 22.4R3-S8
affected

23.2 before 23.2R2-S3
affected

23.4 before 23.4R2
affected

References

supportportal.juniper.net/JSA103167 vendor-advisory

cve.org (CVE-2025-59980)

nvd.nist.gov (CVE-2025-59980)

Download JSON