Incorrect Permission Assignment in Juniper Networks DHCP Daemon Affecting Junos OS
CVE-2025-59961

6.8MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 15 January 2026

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-59961?

A vulnerability exists in the Juniper DHCP daemon (jdhcpd) of Juniper Networks' Junos OS and Junos OS Evolved, where a local low-privileged user can exploit incorrect permission assignments to write to the Unix socket responsible for managing the DHCP service. This misconfiguration allows unauthorized control over the DHCP server or relay, potentially leading to significant network disruptions or unauthorized access. Systems running affected versions of Junos OS and Junos OS Evolved are at risk and should be updated accordingly.

Affected Version(s)

Junos OS 0 < 21.2R3-S10

Junos OS 21.4 < 21.4R3-S12

Junos OS 22.2 < 22.2*

References

https://supportportal.juniper.net/

vendor-advisory

https://kb.juniper.net/JSA103150

vendor-advisory

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 15, 2026
Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Sep 23, 2025

CVE-2025-59961 Data

JSON