Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 10, 2025

Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem access is allowed

CVE-2025-59980

Description

An Authentication Bypass by Primary Weakness

in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory.

This issue affects Junos OS:

all versions before 22.4R3-S8,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2.

Affected products

Juniper Networks/Junosllm-fuzzy
Range: before 22.4R3-S8, before 23.2R2-S3, before 23.4R2
Juniper Networks/Junos OSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

supportportal.juniper.net/JSA103167mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000