CVE-2025-59976 MEDIUM

CVE-2025-59976: Junos Space: Arbitrary file download vulnerability in web interface

Vendor Juniper Networks

Product Junos Space

Weakness CWE-552 · Files accessible externally

Published October 9, 2025

Last update October 9, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

Key dates

02Disclosure timeline

October 9, 2025 CVE published

October 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59976 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/552.html

Related vulnerabilities

CVE-2025-59976: Junos Space: Arbitrary file download vulnerability in web interface

01Description

02Disclosure timeline

03References

04Related CVE