CVE-2025-59978

CRITICAL 9.0

Junos Space: Stored cross-site scripting vulnerability in web application

CVSS Score

9.0

EPSS Score

0.0%

EPSS Percentile

0th

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions. This issue affects all versions of Junos Space before 24.1R4.

CWE	CWE-79
Vendor	juniper networks
Product	junos space
Published	Oct 9, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for juniper networks junos space

Be the first to know when new critical vulnerabilities affecting juniper networks junos space are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Juniper Networks / Junos Space

0 < 24.1R4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

supportportal.juniper.net: https://supportportal.juniper.net/JSA103140

Credits

Juniper SIRT would like to acknowledge and thank Arnoldas Radisauskas and Jorge Escabias from NATO Cyber Security Center for responsibly reporting this vulnerability.