Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Juniper Networks Patches Critical Junos Space Vulnerabilities

Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws.

Juniper Networks vulnerabilities

Juniper Networks has announced patches for nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical-severity flaws affecting Junos Space.

More than 200 security defects were resolved in Junos Space and Junos Space Security Director, Juniper’s October 2025 security advisories, published as part of the company’s predefined quarterly schedule, reveal.

Junos Space version 24.1R4 was rolled out with fixes for 24 cross-site scripting (XSS) issues, including a critical-severity bug (CVE-2025-59978, CVSS score of 9.0) that could allow attackers to store script tags in text pages and execute commands on a visitor’s system with administrative privileges.

Junos Space 24.1R4 Patch V1 was released with fixes for 162 unique CVEs, including nine critical-severity flaws: CVE-2019-12900, CVE-2023-38408, CVE-2024-3596, CVE-2024-27280, CVE-2024-35845, CVE-2024-47538, CVE-2024-47607, and CVE-2024-47615.

Juniper also resolved a high-severity denial-of-service (DoS) vulnerability and medium-severity arbitrary file download and HTTP parameter pollution bugs in Junos Space.

Additionally, the company announced fixes for three high-severity and 15 medium-severity Junos Space Security Director flaws, and for a high-severity bug in Security Director Policy Enforcer.

Advertisement. Scroll to continue reading.

Junos OS and Junos OS Evolved updates resolved two high-severity DoS security defects, as well as medium-severity issues that could allow attackers to access sensitive information, obtain read-write access to files, cause DoS conditions, elevate privileges and/or execute unauthorized commands, create a backdoor, or bypass a required password change.

Juniper says it is not aware of any of these vulnerabilities being exploited in the wild, but users are advised to apply the patches as soon as possible, as there are no workarounds for most of these issues.

Additional information on the resolved vulnerabilities can be found on Juniper’s support portal.

Related: Vulnerabilities Patched by Juniper, VMware and Zoom

Related: Juniper Networks Patches Dozens of Junos Vulnerabilities

Related: Unauthenticated RCE Flaw Patched in DrayTek Routers

Related: Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.