CVE-2025-59980

MEDIUM

Juniper Junos < 22.4 - Authentication Bypass

Title source: rule

Description

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2.

References (1)

[Vendor Advisory] https://supportportal.juniper.net/JSA103167

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 12.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-305

Status published

Products (4)

juniper/junos 22.4 (15 CPE variants)

juniper/junos 23.2 (7 CPE variants)

juniper/junos 23.4 (4 CPE variants)

juniper/junos < 22.4

Published Oct 09, 2025

Tracked Since Feb 18, 2026