CVE-2025-59975

Medienbericht

EPSS 0.11%
Veröffentlicht 09.10.2025 15:58:33
Zuletzt bearbeitet 23.01.2026 18:37:40
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS

An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).

After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality.

This issue affects Junos Space: 
  *  all versions before 22.2R1 Patch V3, 
  *  from 23.1 before 23.1R1 Patch V3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Space Version < 22.2

Juniper ≫ Junos Space Version22.2 Updater1

Juniper ≫ Junos Space Version23.1 Updater1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.287

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:X
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.heise.de/news/Juniper-Security-Director-Angreifer-koennen-Sicherheitsmechanismus-umgehen-10750030.html

Media Report

https://supportportal.juniper.net/JSA103172

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59975

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59975

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59975

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-59975