CVE-2025-60009

6.1 MEDIUM

📋 TL;DR

This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to inject malicious script into the CLI Configlet page. When an administrator views the compromised page, the injected script runs in the administrator's browser session, allowing actions to be performed with the administrator's permissions. All Junos Space versions before 24.1R4 are affected.

💻 Affected Systems

Products:
  • Juniper Networks Junos Space
Versions: All versions before 24.1R4
Operating Systems: Juniper's custom OS for Junos Space
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have access to create or modify CLI Configlets, typically requiring authenticated access to Junos Space.

📦 What is this software?

Junos Space is Juniper Networks' network management platform, used to centrally manage and configure Junos devices. CLI Configlets are reusable configuration templates that administrators create in its web interface and push to managed devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full administrative control over Junos Space, enabling network configuration changes, credential theft, and lateral movement to connected Juniper devices.

🟠 Likely Case

Attackers steal administrator session cookies or credentials, then use them to modify network configurations or deploy backdoors.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the Junos Space management interface only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to Junos Space and social engineering to lure administrators to view malicious configlets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.1R4 or later

Vendor Advisory: https://supportportal.juniper.net/JSA103140

Restart Required: No

Instructions:

1. Download Junos Space 24.1R4 or later from the Juniper support portal.
2. Back up the current configuration.
3. Apply the update via the Junos Space administration interface.
4. Verify that the upgrade succeeded.

🔧 Temporary Workarounds

Restrict Configlet Creation

all

Limit which users can create or modify CLI Configlets to trusted administrators only.

Content Security Policy

all

Implement CSP headers to restrict script execution from untrusted sources.

🧯 If You Can't Patch

  • Isolate Junos Space management interface to trusted network segments only
  • Implement strict access controls and monitor for suspicious configlet modifications

🔍 How to Verify

Check if Vulnerable:

Check Junos Space version via Administration > System > Software Management

Check Version:

show version (from Junos Space CLI)

Verify Fix Applied:

Confirm version is 24.1R4 or later in Software Management page

📡 Detection & Monitoring

Log Indicators:

  • Unusual configlet creation/modification patterns
  • Administrator sessions with unexpected activities

Network Indicators:

  • HTTP requests with suspicious script tags in configlet parameters

SIEM Query:

source="junos-space" AND (event="configlet_modified" OR event="configlet_created") AND user!="trusted_admin"
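As an added illustration of the log indicators above, the following Python script is not part of the original advisory and does not use Juniper's actual log format: it assumes a constructed key=value audit record (the sample lines are made up for this example) and flags configlet create/modify events that come from users outside an assumed allowlist or whose configlet body contains HTML or script markup, which has no legitimate place in a CLI configlet.

```python
import re
from typing import Dict, List

# Assumed allowlist of accounts permitted to create or modify CLI Configlets.
# Adjust to your environment; this is not a Junos Space setting.
TRUSTED_CONFIGLET_EDITORS = {"alice"}

# Markup fragments that should never appear in a CLI configlet body.
# Assumed patterns for this example; tune them against your own data.
MARKUP_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),          # inline event handlers
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*(iframe|img|svg)\b", re.I),
]

# Constructed sample lines in an assumed key=value audit format.
# These are NOT real Junos Space log output.
SAMPLE_LOGS = [
    '2025-10-01T10:00:00Z source=junos-space user=alice event=configlet_created '
    'name="ntp-servers" body="set system ntp server 192.0.2.10"',
    '2025-10-01T10:05:12Z source=junos-space user=bob event=configlet_modified '
    'name="login-banner" body="<script>alert(1)</script>"',
    '2025-10-01T10:07:40Z source=junos-space user=alice event=configlet_modified '
    'name="syslog" body="set system syslog host 192.0.2.20 any any"',
    '2025-10-01T10:09:03Z source=junos-space user=carol event=configlet_created '
    'name="motd" body="set system login message \\"Authorized use only\\""',
    '2025-10-01T10:11:55Z source=junos-space user=alice event=login result=success',
]

# key=value pairs; values may be bare tokens or double-quoted strings with \" escapes.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

CONFIGLET_EVENTS = {"configlet_created", "configlet_modified"}


def parse_line(line: str) -> Dict[str, str]:
    """Parse one audit line into a dict of fields (timestamp is ignored)."""
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def analyze(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious configlet event, with the reasons it was flagged."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("event") not in CONFIGLET_EVENTS:
            continue
        reasons: List[str] = []
        user = rec.get("user", "")
        if user not in TRUSTED_CONFIGLET_EDITORS:
            reasons.append(f"user '{user}' is not an approved configlet editor")
        body = rec.get("body", "")
        for pattern in MARKUP_PATTERNS:
            if pattern.search(body):
                reasons.append(f"configlet body matches markup pattern {pattern.pattern!r}")
                break
        if reasons:
            findings.append({
                "user": user,
                "event": rec["event"],
                "name": rec.get("name", ""),
                "reasons": "; ".join(reasons),
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(f"[ALERT] {finding['event']} '{finding['name']}' by {finding['user']}: {finding['reasons']}")
```

Run against the constructed sample, the script raises two alerts: the "login-banner" modification by bob (untrusted user and script markup in the body) and the "motd" creation by carol (untrusted user only); alice's routine edits are not flagged. The markup check is the higher-fidelity signal, since a legitimate CLI configlet contains Junos configuration statements, not HTML.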
