PT-2025-41398 · Vmware+1 · Vmware Nsx+2
Published
2025-10-09
·
Updated
2025-10-09
·
CVE-2025-11198
CVSS v4.0
8.5
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Security Director Policy Enforcer versions prior to 23.1R1 Hotpatch v3
Description
A missing authentication check for a critical function in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. Specifically, if a trusted user initiates deployment, the Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one. The system does not verify the identity of the entity uploading or deploying images, enabling malicious actors to inject compromised images into the deployment pipeline.
Recommendations
Update to version 23.1R1 Hotpatch v3.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Security Director Policy Enforcer
Vmware Nsx
Vsrx