CVE-2025-6549
BaseFortify

Publication date: 2025-07-11

Last updated on: 2025-07-15

Assigner: Juniper Networks, Inc.

Description
An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure Connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces.

This issue affects Junos OS:
* all versions before 21.4R3-S9,
* 22.2 versions before 22.2R3-S5,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2.
Affected Vendors & Products
6 associated CPEs, one per affected release branch:

Vendor    Product          Version / Range
juniper   juniper_junos    21.4R3
juniper   juniper_junos    22.2R3
juniper   juniper_junos    22.4R3
juniper   juniper_junos    23.2R2
juniper   juniper_junos    23.4R2
juniper   juniper_junos    24.2R2
CWE
CWE-863 (Incorrect Authorization): The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Incorrect Authorization issue in the web server of Juniper Networks Junos OS on SRX Series devices. It allows an unauthenticated, network-based attacker to access the Juniper Web Device Manager (J-Web) interface over more network interfaces than intended when Juniper Secure Connect (JSC) is enabled on specific interfaces or when multiple interfaces are configured for J-Web.


How can this vulnerability impact me?

The vulnerability lets an unauthenticated attacker reach the J-Web interface from network interfaces on which it was not meant to be offered, including interfaces facing untrusted networks. What it grants is reachability, not a session: the J-Web login page and the rest of J-Web's attack surface become exposed where the configuration was supposed to keep them closed, which widens the path to unauthorized access to device configuration and management and so raises the risk of compromise or misuse of the affected device.


What immediate steps should I take to mitigate this vulnerability?

Upgrade Junos OS on the affected SRX Series devices to a fixed release for your branch: 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S5 or 24.2R2, or any later release on that branch. Until the upgrade is done, keep in mind that the per-interface restriction configured for J-Web is exactly what this issue fails to enforce once JSC is enabled or J-Web is bound to several interfaces, so reduce those triggering conditions rather than relying on the restriction: bind J-Web to a single management interface, keep JSC off where it is not required, and disable J-Web entirely on devices that are managed only over the CLI or NETCONF.
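As an added, constructed check (not Juniper's tooling and not code from this page), the script below does the two things a practitioner wants while working through the steps above: it compares a Junos OS version string against the fixed releases quoted in the description, and it scans a configuration in set format for the two triggering conditions the description names. The `system services web-management ... interface` and `security remote-access` hierarchies are real Junos configuration paths; the sample configuration, interface names and profile names are invented for the example, and branches the advisory does not name (22.1, 24.4 and so on) are reported as unlisted rather than guessed.

```python
"""Offline checks for CVE-2025-6549: a version comparison against the fixed
releases quoted in the advisory, and a config scan for the two conditions
the description names. Constructed example; not Juniper tooling."""
import re

# First fixed release per branch, taken from the description above.
# Key = (major, minor) branch, value = (major, minor, R, S).
FIXED_BY_BRANCH = {
    (22, 2): (22, 2, 3, 5),   # 22.2R3-S5
    (22, 4): (22, 4, 3, 5),   # 22.4R3-S5
    (23, 2): (23, 2, 2, 3),   # 23.2R2-S3
    (23, 4): (23, 4, 2, 5),   # 23.4R2-S5
    (24, 2): (24, 2, 2, 0),   # 24.2R2 (no -S suffix)
}
# "all versions before 21.4R3-S9": everything numerically older is affected.
FIRST_FIXED_21_4 = (21, 4, 3, 9)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_version(text):
    """'22.4R3-S2' -> (22, 4, 3, 2). A missing -S suffix counts as S0 and a
    trailing build number such as '.1' is ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("not a Junos release string: %r" % text)
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def assess_version(text):
    """Return 'vulnerable', 'fixed' or 'unlisted' for a Junos OS version.
    'unlisted' means the branch is not named in the advisory (e.g. 22.1 or
    24.4); look it up in Juniper's advisory instead of assuming either way."""
    v = parse_version(text)
    branch = v[:2]
    if v < FIRST_FIXED_21_4:
        return "vulnerable"   # 21.4 before S9 and every older branch
    if branch == (21, 4):
        return "fixed"
    if branch in FIXED_BY_BRANCH:
        return "vulnerable" if v < FIXED_BY_BRANCH[branch] else "fixed"
    return "unlisted"


# Junos set-format statements. The two hierarchies are real Junos paths;
# the interface and profile names in the sample below are invented.
_JWEB_IFACE_RE = re.compile(
    r"^set system services web-management (?:http|https) interface (\S+)$")
_JSC_RE = re.compile(r"^set security remote-access ")


def audit_jweb_exposure(config_text, intended_interfaces):
    """Scan a set-format config and report the J-Web interfaces, whether
    Juniper Secure Connect is configured, and findings for: J-Web on an
    interface outside intended_interfaces, J-Web on more than one
    interface, and JSC present (the two triggering conditions)."""
    jweb_ifaces = set()
    jsc_enabled = False
    for line in config_text.splitlines():
        line = line.strip()
        m = _JWEB_IFACE_RE.match(line)
        if m:
            jweb_ifaces.add(m.group(1))
        elif _JSC_RE.match(line):
            jsc_enabled = True
    findings = []
    unexpected = jweb_ifaces - set(intended_interfaces)
    if unexpected:
        findings.append("J-Web bound to unintended interface(s): "
                        + ", ".join(sorted(unexpected)))
    if len(jweb_ifaces) > 1:
        findings.append("J-Web configured on multiple interfaces")
    if jsc_enabled:
        findings.append("Juniper Secure Connect configured")
    return {"jweb_interfaces": sorted(jweb_ifaces),
            "jsc_enabled": jsc_enabled,
            "findings": findings}


# Constructed sample: J-Web on the management port plus a revenue port,
# and a JSC remote-access profile present. Both triggering conditions hold.
SAMPLE_CONFIG = """\
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0
set system services web-management https interface ge-0/0/1.0
set security remote-access profile ra-profile ipsec-vpn ra-vpn
"""

if __name__ == "__main__":
    for ver in ("21.4R3-S8", "21.4R3-S9", "22.4R3-S4", "24.2R2", "24.4R1"):
        print(ver, assess_version(ver))
    for finding in audit_jweb_exposure(SAMPLE_CONFIG, {"fxp0.0"})["findings"]:
        print("FINDING:", finding)
```

Feed `assess_version` the output of `show version` and `audit_jweb_exposure` the output of `show configuration | display set`. A result of "fixed" only means the build is at or past the threshold this page quotes for its branch; the JSC check keys on the presence of the `security remote-access` hierarchy, so a profile that is configured but unused still counts, which is the conservative reading for this issue.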

