CVE-2025-52950

CRITICAL 9.6

Juniper Security Director: Insufficient authorization for multiple endpoints in web interface

CVSS Score

9.6

EPSS Score

0.0%

EPSS Percentile

0th

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices. This issue affects Security Director version 24.4.1.

CWE	CWE-862
Vendor	juniper networks
Product	juniper security director
Published	Jul 11, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for juniper networks juniper security director

Be the first to know when new critical vulnerabilities affecting juniper networks juniper security director are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

Affected Versions

Juniper Networks / Juniper Security Director

24.4.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

supportportal.juniper.net: https://supportportal.juniper.net/JSA100054