CVE-2025-11198
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: Juniper Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | security_director_policy_enforcer | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authentication for Critical Function issue in Juniper Networks Security Director Policy Enforcer. It allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, the Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of the legitimate image.
How can this vulnerability impact me?
The vulnerability can allow an attacker to deploy malicious vSRX images in place of legitimate ones, potentially compromising the security and integrity of your network infrastructure. This could lead to unauthorized access, manipulation, or disruption of network services.