CVE-2025-52987

Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

CVSS 5.1 MEDIUMEPSS 0.2%CWE-1021

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

15 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control. This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M

Produtos afetados

Juniper Networks · Paragon Automation (Pathfinder, Planner, Insights)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://kb.juniper.net/JSA103145 https://supportportal.juniper.net/