SOC Advisory – Stored XSS Vulnerabilities in Junos Space and Security Director – 10 October 2025

Overview

CVE: CVE-2025-59978, CVE-2025-59974
Severity: Critical
Date: 10 October 2025

Juniper Networks has disclosed two critical cross-site scripting (XSS) vulnerabilities affecting Junos Space and Junos Space Security Director platforms.

Both flaws could allow an attacker to store malicious scripts in the application that are executed when other users, including administrators, view affected web pages.

Successful exploitation can lead to session hijacking, privilege escalation, or command execution under administrative context.

All versions prior to 24.1R4 are impacted.

Affected Versions

• Junos Space: All versions before 24.1R4
• Junos Space Security Director: All versions before 24.1R4

Vulnerability Breakdown

CVE-2025-59978 — Junos Space Stored XSS

• Severity: Critical
• CVSS Score: 9.4
• Type: Stored Cross-Site Scripting (CWE-79)
• Impact: Attackers can inject persistent script tags that execute with the viewer’s administrative privileges.
• Risk: Execution of arbitrary JavaScript, session hijacking, or administrative command execution.
• Juniper Advisory – JSA103140

CVE-2025-59974 — Security Director Stored XSS

• Severity: Critical
• CVSS Score: 9.3
• Type: Stored Cross-Site Scripting (CWE-79)
• Impact: Allows persistent script injection affecting other authenticated users and admins.
• Risk: Privilege escalation, data theft, or lateral movement.
• Juniper Advisory – JSA103139

Mitigation

• Upgrade Immediately:
  • Junos Space → 24.1R4 or later
  • Junos Space Security Director → 24.1R4 or later
• Review system logs for unexpected administrative actions or script injection attempts.
• Revoke and reissue administrative session tokens post-upgrade.
• Restrict web UI access to trusted network zones until patched.

Summary for IT Teams

• Products: Junos Space, Junos Space Security Director
• Threat Level: Critical
• Action Required:
  • Patch to 24.1R4 or newer
  • Review access logs and revoke compromised sessions
  • Educate administrators on the risks of viewing untrusted content within the application UI
  • Restrict external access to management interfaces

Reference

• Juniper Security Advisory – JSA103140 (CVE-2025-59978)
• Juniper Security Advisory – JSA103139 (CVE-2025-59974)

Need Help?

If your organisation requires assistance identifying affected systems, applying updates or adjusting controller configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.