CVE-2025-52987 MEDIUM

CVE-2025-52987: Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

Vendor Juniper Networks
Product Paragon Automation (Pathfinder, Planner, Insights)
Weakness CWE-1021
Published January 15, 2026
Last update January 16, 2026

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control. This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.
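
One way to check a web portal's responses for the missing headers described above, as an added example that is not Juniper's code. It assumes the advisory's "X-Content-Type" means the standard X-Content-Type-Options header, goes beyond the description by also accepting a restrictive Content-Security-Policy frame-ancestors directive as framing protection, and uses finding names and sample responses constructed for illustration.

```python
# Added example (not vendor code): audit response headers for anti-framing and nosniff.
SAFE_XFO = {"DENY", "SAMEORIGIN"}          # ALLOW-FROM is obsolete and ignored by current browsers
BROAD_SOURCES = {"*", "http:", "https:"}   # frame-ancestors values that allow any site to frame

def parse_headers(raw):
    """Map lower-cased header names to the list of values in a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:    # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def frame_ancestors(csp_values):
    """Return the frame-ancestors source list from CSP header values, or None if absent."""
    for policy in csp_values:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None

def audit(raw):
    """Return a list of findings; an empty list means both protections are present."""
    h = parse_headers(raw)
    findings = []
    xfo = [t.strip().upper() for v in h.get("x-frame-options", []) for t in v.split(",")]
    fa = frame_ancestors(h.get("content-security-policy", []))
    xfo_ok = any(t in SAFE_XFO for t in xfo)
    fa_ok = bool(fa) and not BROAD_SOURCES.intersection(fa)
    if not (xfo_ok or fa_ok):
        findings.append("no-framing-protection")
    if not any(v.lower() == "nosniff" for v in h.get("x-content-type-options", [])):
        findings.append("missing-nosniff")
    return findings

# Constructed sample responses (not captured from any real product).
UNPROTECTED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
            "X-Content-Type-Options: nosniff\r\n\r\n<html></html>")
OBSOLETE = ("HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://portal.example\r\n"
            "X-Content-Type-Options: nosniff\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("unprotected", UNPROTECTED), ("hardened", HARDENED), ("obsolete", OBSOLETE)]:
        print(name, audit(raw) or "ok")
```

An empty findings list means the response carries both a framing restriction and nosniff; the obsolete ALLOW-FROM value is reported as unprotected because current browsers ignore it.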

Key dates

02 Disclosure timeline

January 15, 2026 CVE published
January 16, 2026 Record updated