- 223/2025
- Critical
Juniper has released security updates to fix several vulnerabilities affecting multiple Juniper Networks products.
The addressed vulnerabilities could allow the remote attacker to perform denial of service or cross-site scripting attacks, obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary commands and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Juniper Networks Junos Space Stored Cross-Site Scripting Vulnerability (CVE-2025-59978):
- CVSS: 9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. Juniper Security Director Insufficient Authorization Vulnerability (CVE-2025- 59968):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.