CVE-2025-59976
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-09

Last updated on: 2025-10-14

Assigner: Juniper Networks, Inc.

Description
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-09
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-10-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59976
EUVD
EUVD-2025-33390
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
juniper junos_space *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an arbitrary file download issue in the web interface of Juniper Networks Junos Space. It allows a network-based authenticated attacker to use specially crafted GET requests to access any file on the system's file system, including files that are normally restricted and contain sensitive information. This happens because the attacker can bypass the usual file path restrictions enforced by the JBoss daemon.

Impact Analysis

The vulnerability can impact you by allowing an authenticated attacker to access sensitive files on the system that should be restricted. This could lead to exposure of confidential information, potentially compromising the security and privacy of your network and data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59976. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart