Junos Space Security Director <24.1R3 Missing Auth Enables Metadata Tampering
CVE-2025-59968 Published on October 9, 2025

Junos Space Security Director: Insufficient authorization for sensitive resources in web interface
A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface.  Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-59968 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
NONE

Timeline

Initial Publication


Products Associated with CVE-2025-59968

Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.

Juniper Networks Junos
 

Affected Versions

Juniper Networks Junos Space Security Director: Juniper Networks Junos OS: Juniper Networks Junos OS:

Exploit Probability

EPSS
0.05%
Percentile
16.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.