National Cyber Warfare Foundation (NCWF)

Juniper patched nine critical flaws in Junos Space


2025-10-10 14:09:41
milo
Blue Team (CND)


Juniper fixed nearly 220 flaws in Junos OS, Junos Space, and Security Director, including nine critical bugs in Junos Space.





Juniper Networks released patches to address nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical flaws in Junos Space.





One of these flaws, tracked as CVE-2025-59978 (CVSS score of 9.0), is a critical Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space. It stems from improper neutralization of input during web page generation, which allows attackers to embed malicious script tags directly into web pages. When another user views these pages, the scripts execute with the victim’s administrative privileges, potentially allowing full control of the system. The flaw affects all Junos Space versions prior to 24.1R4, the release that includes the patch.





This type of vulnerability is particularly dangerous in administrative interfaces because it can lead to unauthorized configuration changes, data theft, or further network compromise.





Junos Space 24.1R4 Patch V1 fixes 162 vulnerabilities, including nine critical flaws and 24 cross-site scripting (XSS) bugs. The two most severe vulnerabilities are:






  • CVE-2025-59978 (CVSS score of 9.0): A cross-site scripting flaw in Juniper Junos Space lets attackers inject script tags into web pages; when viewed, these run with the viewer’s administrative privileges, enabling command execution and potential full system compromise. Affects versions before 24.1R4.




  • CVE-2024-47615 (CVSS score of 8.6): A GStreamer OOB-write in gst_parse_vorbis_setup_packet lets an attacker overwrite up to 380 bytes of memory due to unchecked input array size. Fixed in 1.24.10.





Juniper is not aware of any attacks in the wild exploiting these vulnerabilities; however, it recommends that users apply the patches as soon as possible.
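As an added example (not from Juniper or the original article), the following Python script triages an inventory of Junos Space version strings against the 24.1R4 and 24.1R4 Patch V1 thresholds named above. The version-string format, hostnames and status labels are assumptions, as is treating releases newer than 24.1R4 as current.

```python
import re

# Assumed version-string shape: "<major>.<minor>R<release>", optionally
# followed by "Patch V<n>", as in the "24.1R4 Patch V1" named in the article.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\s+Patch\s+V(\d+))?\s*$", re.I)

FIXED_RELEASE = (24, 1, 4)  # 24.1R4: versions before it are affected by CVE-2025-59978
FIXED_PATCH = 1             # Patch V1 on 24.1R4 carries the 162 fixes

def parse_version(text):
    """Return (major, minor, release, patch); patch is 0 when absent."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised Junos Space version: {text!r}")
    major, minor, release, patch = m.groups()
    return int(major), int(minor), int(release), int(patch or 0)

def classify(text):
    """Map a version string to a triage status (labels are hypothetical)."""
    try:
        *release, patch = parse_version(text)
    except ValueError:
        return "unknown"  # never silently treat an unparsable version as safe
    if tuple(release) < FIXED_RELEASE:
        return "upgrade-required"  # predates 24.1R4
    if tuple(release) == FIXED_RELEASE and patch < FIXED_PATCH:
        return "patch-required"    # on 24.1R4 but without Patch V1
    return "current"  # assumption: later releases include the fixes

def triage(inventory):
    """inventory: {hostname: version string} -> {status: [hostnames]}."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "space-lab": "23.1R1",
    "space-dc1": "24.1R3",
    "space-dc2": "24.1R4",
    "space-dr": "24.1R4 Patch V1",
    "space-old": "unknown-build",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unknown" need a manual version check rather than being assumed patched.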










Pierluigi Paganini





(SecurityAffairs – hacking, Junos Space)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/183229/security/juniper-patched-nine-critical-flaws-in-junos-space.html

