PT-2025-29239 · Juniper Networks · Juniper Networks Security Director

Published: 2025-07-09 · Updated: 2025-07-11 · CVE-2025-52950

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Juniper Networks Security Director version 24.4.1
Description: A missing authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization, delivering information to the caller outside their authorization level. An attacker can access data beyond their authorized level, potentially gaining access to additional information or perpetrating further attacks, impacting downstream managed devices.
Recommendations: Versions prior to 24.4.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authorization

Related Identifiers: BDU:2025-08747, CVE-2025-52950

Affected Products: Juniper Networks Security Director