CVE-2025-59961 is an Incorrect Permission Assignment vulnerability (CWE-732) found in the Juniper DHCP daemon (jdhcpd) component of Juniper Networks Junos OS and Junos OS Evolved. The vulnerability stems from the Unix socket used to manage the jdhcpd process having overly permissive access controls, allowing any local user with low privileges to write to this socket. This improper permission setting enables such users to issue management commands to the DHCP service, effectively granting them administrative control over the DHCP server or relay on the affected device. The DHCP daemon is critical for network infrastructure as it dynamically assigns IP addresses and network configuration to clients. Unauthorized control over this service can lead to network misconfigurations, denial of service, or facilitate lateral movement within the network. The affected versions span multiple releases of Junos OS and Junos OS Evolved, specifically all versions before 21.2R3-S10, all 22.2 versions, and various subsequent versions up to 25.2R2, indicating a broad impact across many currently deployed systems. The vulnerability requires local access but does not require elevated privileges or user interaction, making it easier to exploit once local access is obtained. The CVSS v3.1 score is 5.5 (medium), reflecting the limited attack vector (local) but significant impact on integrity. No public exploits have been reported yet, but the potential for misuse in compromised environments is high. Juniper has published patches in the specified versions to address this issue, though no direct patch links were provided in the source information.

For European organizations, this vulnerability poses a significant risk to network infrastructure integrity. DHCP services are foundational for IP address management and network configuration; unauthorized control can lead to network outages, misrouting, or interception of network traffic. Attackers gaining control over DHCP services could manipulate IP assignments, causing denial of service or enabling man-in-the-middle attacks. This is particularly critical for large enterprises, ISPs, and data centers relying on Juniper devices for routing and DHCP relay functions. The requirement for local access limits remote exploitation but insider threats or attackers who have gained initial footholds can leverage this vulnerability to escalate privileges and disrupt network operations. Given the widespread use of Juniper devices in European telecom, government, and enterprise networks, the impact could be substantial if unpatched. Additionally, disruption of DHCP services can affect availability indirectly by causing network instability. The integrity impact is high, confidentiality impact is low, and availability impact is minimal but possible through indirect effects.

European organizations should immediately identify all Juniper devices running affected versions of Junos OS and Junos OS Evolved, focusing on those providing DHCP server or relay services. Applying the vendor-provided patches for the affected versions is the primary mitigation step. In environments where immediate patching is not feasible, organizations should restrict local user access on these devices to trusted administrators only, minimizing the risk of exploitation by low-privileged users. Network segmentation and strict access controls should be enforced to limit who can log into network devices locally. Monitoring and alerting for unusual activity related to the jdhcpd process or Unix socket access can help detect exploitation attempts. Additionally, organizations should review and harden device configurations to ensure minimal local user accounts and enforce the principle of least privilege. Regular audits of device permissions and access logs will help identify potential misuse. Finally, maintaining an up-to-date asset inventory and vulnerability management program will ensure timely identification and remediation of such vulnerabilities.