CVE-2025-59975 HIGH

CVE-2025-59975: Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS

Vendor Juniper Networks

Product Junos Space

Weakness CWE-400

Published October 9, 2025

Last update October 9, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS). After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality. This issue affects Junos Space: * all versions before 22.2R1 Patch V3, * from 23.1 before 23.1R1 Patch V3.

Key dates

02Disclosure timeline

October 9, 2025 CVE published

October 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59975 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2025-59975

CWE CWE-400

CVSS 7.5 / HIGH

Affected versions

Vendor Juniper Networks

Product Junos Space

Affected < 22.2R1 Patch V3

Vendor Juniper Networks

Product Junos Space

Affected ≥ 23.1 and < 23.1R1 Patch V3

CVE-2025-59975: Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS

01Description

02Disclosure timeline

03References

04Related CVE