CVE-2025-59981

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4

Description An issue exists in Juniper Networks Junos Space that allows an attacker to inject script tags into the Device Template Definition page. When another user visits this page, the attacker can execute commands with the target’s permissions, potentially including administrator privileges. This is due to improper neutralization of input during web page generation, leading to a cross-site scripting condition.

Recommendations Update to Junos Space version 24.1R4 or later.