CVE-2025-59976
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-59976, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-09

Last updated on: 2025-10-14

Assigner: Juniper Networks, Inc.

Description

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-09
Last Modified
2025-10-14
Generated
2026-07-06
AI Q&A
2025-10-09
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
juniper junos_space *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an arbitrary file download issue in the web interface of Juniper Networks Junos Space. It allows a network-based authenticated attacker to use specially crafted GET requests to access any file on the system's file system, including files that are normally restricted and contain sensitive information. This happens because the attacker can bypass the usual file path restrictions enforced by the JBoss daemon.

Impact Analysis

The vulnerability can impact you by allowing an authenticated attacker to access sensitive files on the system that should be restricted. This could lead to exposure of confidential information, potentially compromising the security and privacy of your network and data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59976. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart