CVE-2025-52950 – An unauthenticated attacker can access sensitiv... (How to Fix)

Q: What is the severity of CVE-2025-52950?

CVE-2025-52950 has a CVSS score of 9.6 (CRITICAL). An unauthenticated attacker can access sensitive data and tamper with resources on Juniper Security Director due to missing authorization checks on multiple web endpoints. This affects Security Director version 24.4.1 and could lead to compromise of downstream managed devices.

📋 TL;DR

An unauthenticated attacker can access sensitive data and tamper with resources on Juniper Security Director due to missing authorization checks on multiple web endpoints. This affects Security Director version 24.4.1 and could lead to compromise of downstream managed devices.

💻 Affected Systems

Products:

Juniper Networks Security Director

Versions: 24.4.1

Operating Systems: Juniper Security Director appliance OS

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments of version 24.4.1 are vulnerable by default.

📦 What is this software?

Security Director by Juniper

View all CVEs affecting Security Director →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of Security Director appliance leading to unauthorized access to all managed network devices, data exfiltration, and network-wide disruption.

🟠

Likely Case

Unauthorized access to sensitive configuration data, credentials, or device management capabilities leading to lateral movement within the network.

🟢

If Mitigated

Limited information disclosure if network segmentation and access controls prevent external access to the web interface.

🌐 Internet-Facing: HIGH - Unauthenticated web interface access allows complete compromise from internet.

🏢 Internal Only: HIGH - Even internal attackers can exploit this without credentials.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Unauthenticated web requests to vulnerable endpoints can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for fixed version

Vendor Advisory: https://supportportal.juniper.net/JSA100054

Restart Required: Yes

Instructions:

1. Review vendor advisory JSA100054. 2. Download and apply the recommended patch from Juniper support. 3. Restart Security Director services. 4. Verify authorization checks are functioning.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Security Director web interface to trusted management networks only.

Web Application Firewall

all

Deploy WAF with rules to block unauthorized access patterns to Security Director endpoints.

🧯 If You Can't Patch

Isolate Security Director appliance from untrusted networks using firewall rules.
Implement strict network access controls and monitor all traffic to Security Director web interface.

🔍 How to Verify

Check if Vulnerable:

Check Security Director version via web interface or CLI. Version 24.4.1 is vulnerable.

Check Version:

show version (CLI) or check About page in web interface

Verify Fix Applied:

Verify version is updated beyond 24.4.1 and test authorization controls on previously vulnerable endpoints.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated requests to sensitive endpoints
Access patterns outside normal user behavior
Failed authorization attempts followed by successful data access

Network Indicators:

Unusual HTTP requests to Security Director web interface from unauthorized sources
Traffic spikes to administrative endpoints

SIEM Query:

source="security_director_logs" AND (status=200 AND auth="none") OR (uri CONTAINS "/api/" AND user="anonymous")

📊 Metadata

CVE ID: CVE-2025-52950

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE: CWE-862

EPSS Score: 0.06% exploit probability (17.5th percentile)

Published: July 11, 2025

Last Updated: January 26, 2026

🔗 References

https://supportportal.juniper.net/JSA100054 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-52950, you might also want to check these: