CVE-2025-59975
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).
After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality.
This issue affects Junos Space:
- all versions before 22.2R1 Patch V3,
- from 23.1 before 23.1R1 Patch V3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos Space | 0 < 22.2R1 Patch V3 | affected |
| Juniper Networks | Junos Space | 23.1 < 23.1R1 Patch V3 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
Workarounds
Use access lists or firewall filters to limit access to the device only from trusted hosts and administrators.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.