PT-2025-41410 · Juniper Networks · Junos Space
Published
2025-10-09
·
Updated
2025-10-09
·
CVE-2025-59976
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos Space versions prior to 24.1R3
Description
A flaw exists in the web interface of Junos Space that could allow a network-based attacker with valid credentials to download arbitrary files from the file system. An attacker can leverage a crafted GET method to access files outside the normally permitted file path, potentially gaining access to sensitive information restricted to low-privileged users. The issue stems from the JBoss daemon allowing access to files beyond its intended scope.
Recommendations
Update to Junos Space version 24.1R3 or later.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos Space