Incorrect Authorization Flaw in Juniper Networks Junos OS for SRX Series
CVE-2025-6549

6.9MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 11 July 2025

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-6549?

An Incorrect Authorization vulnerability exists in Juniper Networks Junos OS affecting the SRX Series. It allows unauthenticated network-based attackers to access the Juniper Web Device Manager (J-Web) under certain configurations. This problem arises when Juniper Secure Connect is activated on specific or multiple interfaces, making the J-Web UI accessible via more interfaces than intended. Affected versions of Junos OS span several releases, necessitating timely updates to safeguard network security.

Affected Version(s)

Junos OS SRX Series 0 < 21.4R3-S9

Junos OS SRX Series 22.2 < 22.2R3-S5

Junos OS SRX Series 22.4 < 22.4R3-S5

References

https://supportportal.juniper.net/JSA100098

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Jul 11, 2025
Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jun 23, 2025

JSON