CVE-2025-59974

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber

Name of the Vulnerable Software and Affected Versions Juniper Security Director versions prior to 24.1R4

Description An Improper Neutralization of Input During Web Page Generation issue exists in Juniper Security Director, allowing an attacker to inject malicious scripts into the application. These scripts are stored and executed in the context of other users' browsers when they access affected pages. This is a Cross-site Scripting (XSS) issue.

Recommendations Update to version 24.1R4 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-59974

Affected Products

Juniper Security Director

CVE-2025-59974

Weakness Enumeration

Related Identifiers

Affected Products

References · 8