Arbitrary File Download Vulnerability in Junos Space Web Interface by Juniper Networks
CVE-2025-59976
7.1HIGH
Key Information:
- Vendor
Juniper Networks
- Status
- Vendor
- CVE Published:
- 9 October 2025
Badges
👾 Exploit Exists
What is CVE-2025-59976?
An arbitrary file download vulnerability exists within the web interface of Juniper Networks' Junos Space, enabling a network-based authenticated attacker to exploit crafted GET requests to access any files on the file system. This could expose sensitive information that is typically inaccessible to low-privileged users. All versions of Junos Space prior to 24.1R3 are impacted.
Affected Version(s)
Junos Space 0 < 24.1R3
References
CVSS V4
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Juniper SIRT would like to acknowledge and thank Arnoldas Radisauskas and Jorge Escabias from NATO Cyber Security Center for responsibly reporting this vulnerability.