Unrated severityNVD Advisory· Published Jul 11, 2025· Updated Jul 11, 2025

Junos OS: SRX Series: J-Web can be exposed on additional interfaces

CVE-2025-6549

Description

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the

Juniper Web Device Manager

(J-Web).

When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS:

all versions before 21.4R3-S9,
22.2 versions before 22.2R3-S5,
22.4 versions before 22.4R3-S5,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S5,
24.2 versions before 24.2R2.

Affected products

Juniper Networks/Junosllm-fuzzy
Range: <21.4R3-S9, >=22.2, <22.2R3-S5, >=22.4, <22.4R3-S5, >=23.2, <23.2R2-S3, >=23.4, <23.4R2-S5, >=24.2, <24.2R2
Juniper Networks/Junos OSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

supportportal.juniper.net/JSA100098mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000