Description

A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface. Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices. This issue affects Security Director version 24.4.1.

INFO

Published Date :

2025-07-11T14:40:49.980Z

Last Modified :

2026-02-26T17:50:45.776Z

Source :

juniper
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52950 vulnerability.

Vendors Products
Juniper
  • Security Director
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52950.

URL Resource
https://supportportal.juniper.net/JSA100054 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact