CVE-2025-52987

Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

CVSS 5.1 MEDIUMEPSS 0.2%CWE-1021

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

15 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control. This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M

Affected products

Juniper Networks · Paragon Automation (Pathfinder, Planner, Insights)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.juniper.net/JSA103145 https://supportportal.juniper.net/