CVE-2025-52950

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-52950
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices. This issue affects Security Director version 24.4.1.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://supportportal.juniper.net/JSA100054 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:juniper:security_director:24.4.1:*:*:*:*:*:*:*
History

26 Jan 2026, 18:37

Type Values Removed Values Added
CPE cpe:2.3:a:juniper:security_director:24.4.1:*:*:*:*:*:*:*
First Time Juniper
Juniper security Director
References () https://supportportal.juniper.net/JSA100054 - () https://supportportal.juniper.net/JSA100054 - Vendor Advisory

15 Jul 2025, 13:14

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de falta de autorización en Juniper Networks Security Director permite a un atacante no autenticado acceder o manipular múltiples recursos confidenciales a través de la interfaz web. Numerosos endpoints del dispositivo Juniper Security Director no validan la autorización y entregan al usuario información que excede su nivel de autorización. Un atacante puede acceder a datos que exceden el nivel de autorización del usuario. La información obtenida puede utilizarse para obtener acceso a información adicional o perpetrar otros ataques, afectando a los dispositivos administrados en sentido descendente. Este problema afecta a la versión 24.4.1 de Security Director.

11 Jul 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-11 15:15

Updated : 2026-01-26 18:37

NVD link : CVE-2025-52950

Mitre link : CVE-2025-52950

CVE.ORG link : CVE-2025-52950

JSON object : View

Products Affected

juniper

  • security_director
CWE
CWE-862

Missing Authorization