CVE-2025-59975

7.5 HIGH

📋 TL;DR

An unauthenticated attacker can flood the Junos Space HTTP API with requests until the httpd process exhausts its file handles, causing a complete denial of service. Once the handles are gone, every management path (SSH and WebUI alike) stops answering, and the appliance has to be rebooted manually to recover. Affected: all Junos Space versions before 22.2R1 Patch V3, and 23.1 versions before 23.1R1 Patch V3.

💻 Affected Systems

Products:
  • Juniper Networks Junos Space
Versions: All versions before 22.2R1 Patch V3, and 23.1 before 23.1R1 Patch V3
Operating Systems: Junos Space OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the HTTP daemon (httpd) that serves the REST API. No special configuration is required for exploitation; only network reachability to the management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability: SSH and WebUI are both down, so recovery needs out-of-band (console) access and a manual reboot, with extended downtime for the duration of the attack and the recovery.

🟠 Likely Case

Management-interface DoS that locks administrators out until someone reboots the appliance.

🟢 If Mitigated

Limited impact if reachability to the management interface is restricted to trusted admin networks and HTTP connection rates are limited upstream of the appliance.

🌐 Internet-Facing: HIGH - Unauthenticated network-based attack that can be launched remotely without credentials.
🏢 Internal Only: MEDIUM - Still exploitable without credentials, but the attacker needs a foothold on a network that can reach the management interface.

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY - no dedicated tooling is needed; any generic HTTP load generator aimed at the API reproduces the condition.
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple flooding attack requiring only network access to the management interface. No authentication, exploit code or special tools are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.2R1 Patch V3 or later, 23.1R1 Patch V3 or later

Vendor Advisory: https://supportportal.juniper.net/JSA103172

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Juniper support portal.
2. Apply the patch via the Junos Space administration interface.
3. Reboot the system as required by the patch installation.

🔧 Temporary Workarounds

Network Access Control (applies to all affected versions)

Restrict access to the Junos Space management interfaces to trusted networks only.

Rate Limiting (applies to all affected versions)

Implement network-level rate limiting for HTTP/API traffic to Junos Space.

🧯 If You Can't Patch

  • Implement strict network segmentation so that only admin networks can reach the Junos Space management interface
  • Deploy network-based DDoS protection, or a reverse proxy/WAF with connection and request rate limiting, in front of the appliance; rate limiting upstream is what matters, because the appliance itself cannot shed the load once its file handles are gone

🔍 How to Verify

Check if Vulnerable:

Check Junos Space version via SSH or WebUI and compare against affected versions

Check Version:

show version

Verify Fix Applied:

Verify that the installed version is 22.2R1 Patch V3 or later, or 23.1R1 Patch V3 or later. A version that reports no patch level (for example plain 22.2R1 or 23.1R1) is still vulnerable.
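To make the version comparison above repeatable across an estate, here is an added example (not from this page and not Juniper's code). It parses version strings in the form the advisory uses ("22.2R1 Patch V3"); the exact string your appliance reports, and therefore the regex, are assumptions to adapt. Versions outside the two ranges the advisory names (for example 22.3 or 24.x) are reported as "not listed" rather than assumed safe, so that they get checked against the vendor advisory instead of silently passing.

```python
import re
from typing import NamedTuple


class SpaceVersion(NamedTuple):
    major: int
    minor: int
    release: int   # the R<n> part
    patch: int     # "Patch V<n>", 0 when no patch level is named


# Assumed string layout: "<major>.<minor>R<release>[ Patch V<patch>]", e.g. "22.2R1 Patch V3".
_VER_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\s*Patch\s*V(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> SpaceVersion:
    m = _VER_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Junos Space version string: {text!r}")
    major, minor, release, patch = m.groups()
    return SpaceVersion(int(major), int(minor), int(release), int(patch or 0))


# Fixed releases named in the advisory.
FIXED_22_2 = parse_version("22.2R1 Patch V3")
FIXED_23_1 = parse_version("23.1R1 Patch V3")


def assess(text: str) -> str:
    """Classify a version string as 'vulnerable', 'fixed' or 'not listed'."""
    v = parse_version(text)
    train = (v.major, v.minor)
    if train == (23, 1):
        # 23.1 versions before 23.1R1 Patch V3 are affected; tuple comparison covers R and patch.
        return "vulnerable" if v < FIXED_23_1 else "fixed"
    if train < (22, 2):
        # Everything older than the 22.2 train is "before 22.2R1 Patch V3".
        return "vulnerable"
    if train == (22, 2):
        return "vulnerable" if v < FIXED_22_2 else "fixed"
    # 22.3, 22.4, 24.x and so on are not in the page's ranges; confirm against the advisory.
    return "not listed"


if __name__ == "__main__":
    for s in ["21.3R1 Patch V5", "22.2R1", "22.2R1 Patch V3",
              "23.1R1 Patch V1", "23.1R1 Patch V3", "24.1R1"]:
        print(f"{s:20} -> {assess(s)}")
```

Feed it the version string collected from each appliance (WebUI or SSH, as in the check above) and treat both "vulnerable" and "not listed" as needing follow-up.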

📡 Detection & Monitoring

Log Indicators:

  • Unusually high HTTP request or connection rates from a single source against the API
  • File handle exhaustion errors from httpd ("too many open files") or the kernel
  • SSH and WebUI sessions failing to open (connection refused or hanging) while the appliance is otherwise up

Network Indicators:

  • High volume of HTTP requests to management IP
  • Sustained connection attempts to API endpoints

SIEM Query (pseudo-syntax; map the field names to your log source):

source="junos-space" AND (http_requests > 1000/min OR error="file handles exhausted")
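The indicators above as working detection logic, added here as an example (not from this page or from Juniper). It assumes the Junos Space httpd writes Apache-style combined access logs and an error log carrying the standard "(24)Too many open files" text; both the log layout and the sample lines are constructed for the example, so adapt the regexes to what your appliance actually emits. The 1000 requests per minute threshold is the figure from the query above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed layout: Apache combined access log, e.g.
# 198.51.100.7 - - [13/Oct/2025:10:00:01 +0000] "GET /api/space/... HTTP/1.1" 200 512
_ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
# Assumed httpd error-log text when accept() fails with EMFILE.
_EMFILE_RE = re.compile(r"\(24\)Too many open files")


def parse_access(line):
    """Return (client_ip, minute_bucket, request_line), or None for non-matching lines."""
    m = _ACCESS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.replace(second=0, microsecond=0), m.group("req")


def flag_floods(access_lines, threshold=1000):
    """Map each source IP to its peak request count in any single minute,
    keeping only sources above the threshold."""
    per_minute = Counter()
    for line in access_lines:
        parsed = parse_access(line)
        if parsed:
            ip, minute, _ = parsed
            per_minute[(ip, minute)] += 1
    peaks = defaultdict(int)
    for (ip, _), n in per_minute.items():
        peaks[ip] = max(peaks[ip], n)
    return {ip: n for ip, n in peaks.items() if n > threshold}


def count_fd_exhaustion(error_lines):
    """Count error-log lines that report file-descriptor exhaustion."""
    return sum(1 for line in error_lines if _EMFILE_RE.search(line))


def make_sample_logs():
    """Constructed sample data: one source flooding the REST API, one admin browsing normally."""
    access = [
        f'198.51.100.7 - - [13/Oct/2025:10:00:{i % 60:02d} +0000] '
        f'"GET /api/space/device-management/devices HTTP/1.1" 200 512'
        for i in range(1500)
    ]
    access += [
        '203.0.113.5 - - [13/Oct/2025:10:00:05 +0000] "GET /mainui/ HTTP/1.1" 200 4096',
        '203.0.113.5 - - [13/Oct/2025:10:00:09 +0000] "GET /mainui/ HTTP/1.1" 200 4096',
        '203.0.113.5 - - [13/Oct/2025:10:00:40 +0000] "POST /api/space/user-management/users HTTP/1.1" 200 800',
        '203.0.113.5 - - [13/Oct/2025:10:01:12 +0000] "GET /mainui/ HTTP/1.1" 200 4096',
        '203.0.113.5 - - [13/Oct/2025:10:01:50 +0000] "GET /mainui/ HTTP/1.1" 200 4096',
        'not a log line at all',
    ]
    error = [
        '[Mon Oct 13 10:00:41.123456 2025] [core:error] [pid 1234] (24)Too many open files: '
        'apr_socket_accept: (client socket)',
        '[Mon Oct 13 10:00:41.223456 2025] [core:error] [pid 1234] (24)Too many open files: '
        'apr_socket_accept: (client socket)',
        '[Mon Oct 13 10:00:42.000000 2025] [mpm_prefork:notice] [pid 1] AH00163: resuming normal operations',
    ]
    return access, error


if __name__ == "__main__":
    access, error = make_sample_logs()
    print("flooding sources:", flag_floods(access))
    print("fd exhaustion lines:", count_fd_exhaustion(error))
```

Run the two functions over the forwarded httpd access and error logs; a flagged source together with any EMFILE lines in the same window is the signature of this attack, and the flagged IP is what to block upstream.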
