CVE-2025-59976 — MEDIUM (6.5)

Q: How severe is CVE-2025-59976?

CVE-2025-59976 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59976?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Space.

Vulnerability Description

An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file path normally allowed by the JBoss daemon. These files could contain sensitive information restricted from access by low-privileged users.This issue affects all versions of Junos Space before 24.1R3.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Junos Space	< 24.1

Related Weaknesses (CWE)

CWE-552

References

https://supportportal.juniper.net/JSA103170Vendor Advisory

FAQ

What is CVE-2025-59976?

CVE-2025-59976 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file sy...

How severe is CVE-2025-59976?

CVE-2025-59976 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59976?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Space.