CVE-2025-59980
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos | 23.4 |
| juniper | junos | 23.2 |
| juniper | junos | 22.4r3-s8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in the FTP server of Juniper Networks Junos OS. It allows an unauthenticated attacker on the network to log in as the user "ftp" or "anonymous" without providing the configured password. Once logged in, the attacker gains limited read-write access to the home directory of that user on the device.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain unauthorized limited read-write access to files in the home directory of the "ftp" or "anonymous" user on the affected Junos OS device. This could lead to unauthorized data modification or exposure, potentially compromising the integrity and confidentiality of the device's data.