CVE-2025-59980
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-09

Last updated on: 2025-10-14

Assigner: Juniper Networks, Inc.

Description
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory. This issue affects Junos OS:Β  * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-09
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-10-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59980
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
juniper junos 23.4
juniper junos 23.2
juniper junos 22.4r3-s8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in the FTP server of Juniper Networks Junos OS. It allows an unauthenticated attacker on the network to log in as the user "ftp" or "anonymous" without providing the configured password. Once logged in, the attacker gains limited read-write access to the home directory of that user on the device.

Impact Analysis

An attacker exploiting this vulnerability can gain unauthorized limited read-write access to files in the home directory of the "ftp" or "anonymous" user on the affected Junos OS device. This could lead to unauthorized data modification or exposure, potentially compromising the integrity and confidentiality of the device's data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart