CVE-2025-59976

Junos Space: Arbitrary file download vulnerability in web interface

CVSS 7.1 HIGHEPSS 0.3%CWE-552

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

09 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M

Produtos afetados

Juniper Networks · Junos Space

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://supportportal.juniper.net/JSA103170