CVE-2025-11198

Summary

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.

If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one.

This issue affects Security Director Policy Enforcer:  

  • All versions before 23.1R1 Hotpatch v3.

This issue does not affect Junos Space Security Director Insights.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksSecurity Director Policy Enforcer0 < 23.1R1 Hotpatch v3affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

There are no known workarounds for this issue. To reduce the risk of exploitation, enable access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted users, hosts and networks.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References