Junos
CVEs (766)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60011 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an… |
| CVE-2025-60007 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically… |
| CVE-2025-60003 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific… |
| CVE-2025-59961 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete… |
| CVE-2025-59960 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on… |
| CVE-2025-59959 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol… |
| CVE-2025-60010 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS… |
| CVE-2025-60004 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an affected system receives a… |
| CVE-2025-59980 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is… |
| CVE-2025-59968 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting… |
| CVE-2025-59964 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is enabled, receipt of… |
| CVE-2025-59962 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to… |
| CVE-2025-59957 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. … |
| CVE-2025-52960 | | | 0.00 | — | 0.00 | | Oct 9, 2025 | A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization… |
| CVE-2025-52988 | | | 0.00 | — | 0.00 | | Jul 11, 2025 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges to root. When a user provides… |
| CVE-2025-6549 | | | 0.00 | — | 0.00 | | Jul 11, 2025 | An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or… |
| CVE-2025-52989 | | | 0.00 | — | 0.00 | | Jul 11, 2025 | An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a… |
| CVE-2025-52986 | | | 0.00 | — | 0.00 | | Jul 11, 2025 | A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a… |
| CVE-2025-52984 | | | 0.00 | — | 0.00 | | Jul 11, 2025 | A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop… |
| CVE-2025-52983 | | | 0.00 | — | 0.01 | | Jul 11, 2025 | A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed,… |