
"More than 200 security defects were resolved in Junos Space and Junos Space Security Director, Juniper's October 2025 security advisories, published as part of the company's predefined quarterly schedule, reveal. Junos Space version 24.1R4 was rolled out with fixes for 24 cross-site scripting (XSS) issues, including a critical-severity bug (CVE-2025-59978, CVSS score of 9.0) that could allow attackers to store script tags in text pages and execute commands on a visitor's system with administrative privileges."
"Junos Space 24.1R4 Patch V1 was released with fixes for 162 unique CVEs, including nine critical-severity flaws: CVE-2019-12900, CVE-2023-38408, CVE-2024-3596, CVE-2024-27280, CVE-2024-35845, CVE-2024-47538, CVE-2024-47607, and CVE-2024-47615. Juniper also resolved a high-severity denial-of-service (DoS) vulnerability and medium-severity arbitrary file download and HTTP parameter pollution bugs in Junos Space. Additionally, the company announced fixes for three high-severity and 15 medium-severity Junos Space Security Director flaws, and for a high-severity bug in Security Director Policy Enforcer."
Juniper released patches addressing nearly 220 vulnerabilities across Junos OS, Junos Space, and Security Director. More than 200 defects were resolved in Junos Space and Junos Space Security Director. Junos Space 24.1R4 fixes 24 cross-site scripting issues, including the critical CVE-2025-59978 (CVSS 9.0), a stored XSS flaw that could let attackers execute commands with administrative privileges. Junos Space 24.1R4 Patch V1 resolves 162 unique CVEs, including nine critical-severity flaws. Juniper also fixed a high-severity DoS vulnerability, medium-severity arbitrary file download and HTTP parameter pollution bugs, multiple Security Director flaws, and a Policy Enforcer bug. Junos OS and Junos OS Evolved updates addressed two high-severity DoS defects and several medium-severity issues that could enable information disclosure, file access, DoS, privilege escalation, backdoor creation, or password-change bypass. No known exploitation has been reported; users should apply patches promptly, as most issues lack workarounds.
Read at SecurityWeek