CVE-2025-59978 CRITICAL

CVE-2025-59978: Junos Space: Stored cross-site scripting vulnerability in web application

Vendor Juniper Networks
Product Junos Space
Weakness CWE-79 · XSS
Published October 9, 2025
Last update February 26, 2026

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions. This issue affects all versions of Junos Space before 24.1R4.

Key dates

02Disclosure timeline

October 9, 2025 CVE published
February 26, 2026 Record updated