Junos Space: Flooding device with inbound API calls leads to...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).

After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality.

This issue affects Junos Space:
* all versions before 22.2R1 Patch V3,
* from 23.1 before 23.1R1 Patch V3.

Basic Information

ID CVE-2025-59975

Source juniper

Published Oct 9, 2025 at 15:58

Affected Product

Vendor Juniper Networks

Product Junos Space

Affected Versions Juniper Networks Junos Space 0
Juniper Networks Junos Space 23.1

CWE Classification

CWE-400

References

supportportal.juniper.net /JSA103172

{
    "lastseen": "",
    "description": "An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS).\n\nAfter continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality.\n\nThis issue affects Junos Space: \n  *  all versions before 22.2R1 Patch V3, \n  *  from 23.1 before 23.1R1 Patch V3.",
    "published": "2025-10-09T15:58:33.416Z",
    "modified": "2025-10-09T15:58:33.416Z",
    "type": "cve",
    "title": "Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS",
    "source": "juniper",
    "references": "https://supportportal.juniper.net/JSA103172",
    "id": "CVE-2025-59975",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "Juniper Networks Junos Space 0\nJuniper Networks Junos Space 23.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Junos Space",
    "version": "0",
    "vendor": "Juniper Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS_CVE-2025-59975