CVE-2025-59980

Summary

An Authentication Bypass by Primary Weakness

in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory.

This issue affects Junos OS: 

  • all versions before 22.4R3-S8,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 22.4R3-S8affected
Juniper NetworksJunos OS23.2 < 23.2R2-S3affected
Juniper NetworksJunos OS23.4 < 23.4R2affected

Weaknesses

  • CWE-305: CWE-305 Authentication Bypass by Primary Weakness

Workarounds

Choosing another name for the user "ftp" or "anonymous" will prevent exploitation of this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References