CVE-2025-52987
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Juniper Networks, Inc.

Description
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control.Β  This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52987
EUVD
EUVD-2026-2709
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
juniper_networks paragon_automation to 24.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1021 The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a clickjacking issue in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights). It occurs because the application does not set the appropriate X-Frame-Options and X-Content-Type HTTP headers. This allows an attacker to trick users into interacting with the web interface in a way controlled by the attacker.

Impact Analysis

The vulnerability can impact you by allowing attackers to deceive users into performing unintended actions on the Paragon Automation web portal. This could lead to unauthorized operations or manipulation of the system through the user's interaction with a maliciously crafted interface.

Detection Guidance

You can detect this vulnerability by checking if the Juniper Networks Paragon Automation web portal responses lack the appropriate X-Frame-Options and X-Content-Type HTTP headers. For example, you can use curl commands to inspect the HTTP headers: curl -I https://<paragon-automation-url> and look for the absence of X-Frame-Options and X-Content-Type headers.

Mitigation Strategies

Immediate mitigation steps include updating Juniper Networks Paragon Automation to version 24.1.1 or later, where the vulnerability is fixed. If updating is not immediately possible, consider implementing web server or proxy configurations to add appropriate X-Frame-Options and X-Content-Type headers to the HTTP responses to prevent clickjacking attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52987. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart