CVE-2025-59976
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: Juniper Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_space | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file download issue in the web interface of Juniper Networks Junos Space. It allows a network-based authenticated attacker to use specially crafted GET requests to access any file on the system's file system, including files that are normally restricted and contain sensitive information. This happens because the attacker can bypass the usual file path restrictions enforced by the JBoss daemon.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an authenticated attacker to access sensitive files on the system that should be restricted. This could lead to exposure of confidential information, potentially compromising the security and privacy of your network and data.