← Zuruck zu CVEs
CVE-2025-52987
MEDIUM6.1
Beschreibung
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control. This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht1/15/2026
Zuletzt geandert1/26/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
juniper:paragon_automation
Schwachen (CWE)
CWE-1021
Referenzen
https://kb.juniper.net/JSA103145(sirt@juniper.net)
https://supportportal.juniper.net/(sirt@juniper.net)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.