CVE-2025-6549

MEDIUM

6.5

Descripcion

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: * all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.

Detalles CVE

Puntuacion CVSS v3.16.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado7/11/2025

Ultima modificacion1/23/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

juniper:junosjuniper:srx1500juniper:srx1600juniper:srx2300juniper:srx300juniper:srx320juniper:srx340juniper:srx345juniper:srx380juniper:srx4100juniper:srx4120juniper:srx4200juniper:srx4300juniper:srx4600juniper:srx4700juniper:srx5400juniper:srx5600juniper:srx5800

Debilidades (CWE)

CWE-863

Referencias

https://supportportal.juniper.net/JSA100098(sirt@juniper.net)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.