CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2025-60010 – Junos OS and Junos OS Evolved: Device allows login for user with expired password
https://notcve.org/view.php?id=CVE-2025-60010
09 Oct 2025 — A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced. This does not allow users to login with a wrong passwor... • https://supportportal.juniper.net/JSA103168 • CWE-262: Not Using Password Aging •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-60009 – Junos Space: CLI Configlet page is vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-60009
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlet page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-60006 – Junos OS Evolved: OS command injection vulnerabilities fixed
https://notcve.org/view.php?id=CVE-2025-60006
09 Oct 2025 — Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker executes crafted CLI commands, the options are processed via a script in some cases. These scripts are not hardened so injected commands might be executed via the shell, which allows an attacker to perform operations, which they should not be ... • https://supportportal.juniper.net/JSA103163 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 8EXPL: 0CVE-2025-60004 – Junos OS and Junos OS Evolved: Specific BGP EVPN update message causes rpd crash
https://notcve.org/view.php?id=CVE-2025-60004
09 Oct 2025 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart. A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable d... • https://supportportal.juniper.net/JSA103165 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-60002 – Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-60002
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J... • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-60001 – Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-60001
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junipe... • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-60000 – Junos Space: Generate Report page is vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-60000
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junipe... • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59999 – Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-59999
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ju... • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59998 – Junos Space: Archive Logs screen is vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-59998
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper ... • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59997 – Junos Space: Fields in the CLI Configlets are vulnerable to reflected cross-site script injection
https://notcve.org/view.php?id=CVE-2025-59997
09 Oct 2025 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper... • https://supportportal.juniper.net/JSA103140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •