CVE-2025-59961: CWE-732 Incorrect Permission Assignment for Critical Resource in Juniper Networks Junos OS
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.

This issue affects:

Junos OS:
* all versions before 21.2R3-S10,
* all versions of 22.2,
* from 21.4 before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S2,
* from 24.4 before 24.4R2,
* from 25.2 before 25.2R1-S1, 25.2R2;

Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* from 23.2 before 23.2R2-S5-EVO,
* from 23.4 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-S2-EVO,
* from 24.4 before 24.4R2-EVO,
* from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
AI Analysis
Technical Summary
CVE-2025-59961 is an Incorrect Permission Assignment vulnerability (CWE-732) found in the Juniper DHCP daemon (jdhcpd) component of Juniper Networks Junos OS and Junos OS Evolved. The vulnerability arises because the Unix socket used to manage the jdhcpd process is assigned permissions that allow any local, low-privileged user to connect and issue management commands. This improper permission setting enables unauthorized users to gain administrative control over the DHCP service, including DHCP server or relay functionalities. Exploiting this vulnerability does not require user interaction but does require local access to the system. The vulnerability affects a broad range of Junos OS versions, including all versions before 21.2R3-S10, all 22.2 versions, and multiple subsequent releases up to 25.2R2, as well as corresponding Junos OS Evolved versions. The CVSS v3.1 base score is 5.5 (medium severity), reflecting that the attack vector is local (AV:L), requires low privileges (PR:L), has low attack complexity (AC:L), no user interaction (UI:N), and impacts integrity (I:H) but not confidentiality or availability. While no public exploits are known, the ability to fully control DHCP services locally could allow attackers to manipulate network configurations, potentially disrupting network operations or facilitating further attacks. The vulnerability is particularly critical in environments where Juniper devices are used as DHCP servers or relays in enterprise or service provider networks.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network infrastructure integrity. DHCP services are fundamental for IP address allocation and network configuration; unauthorized control could lead to malicious DHCP responses, network misconfigurations, or denial of service for legitimate clients. Attackers with local access could redirect traffic, intercept communications, or disrupt network availability indirectly by manipulating DHCP. This is especially concerning for critical infrastructure sectors such as telecommunications, finance, energy, and government agencies that rely heavily on Juniper devices for network management. The vulnerability could facilitate lateral movement within networks if exploited by insiders or attackers who have gained initial footholds. Although remote exploitation is not possible, the widespread use of Juniper devices in European data centers and enterprise networks increases the attack surface. Failure to patch could result in compromised network integrity, impacting business continuity and regulatory compliance under frameworks like GDPR and NIS Directive.
Mitigation Recommendations
Organizations should immediately identify all Juniper devices running affected Junos OS or Junos OS Evolved versions and prioritize patching to the fixed releases specified by Juniper Networks. Since the vulnerability requires local access, restricting administrative and user access to network devices is critical. Implement strict access controls and network segmentation to limit local user privileges on network devices. Employ robust monitoring and logging of DHCP daemon activities and Unix socket access to detect anomalous behavior. Consider deploying host-based intrusion detection systems (HIDS) on network devices where feasible. Regularly audit permission settings on critical system resources to ensure they adhere to the principle of least privilege. For environments where immediate patching is not possible, disable or restrict local user access to affected systems and enforce multi-factor authentication for device access. Coordinate with Juniper support for guidance on interim mitigations and verify firmware integrity post-patching. Finally, incorporate this vulnerability into incident response plans to quickly address any exploitation attempts.
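For the first step above (identifying devices on affected releases), the following added example, which is not Juniper's or this site's code, classifies version strings from a device inventory against the affected ranges listed on this page. It assumes the standard `YY.NRx[-Sy][-EVO]` version form with an optional build suffix such as `.4`; the hostnames and the `classify`/`triage` names are hypothetical.

```python
import re

# First fixed (R, S) release per train, copied from the affected-version list
# on this page. None means every release of that train is affected.
JUNOS = {(21, 2): (3, 10), (21, 4): (3, 12), (22, 2): None, (22, 4): (3, 8),
         (23, 2): (2, 5), (23, 4): (2, 6), (24, 2): (2, 2), (24, 4): (2, 0),
         (25, 2): (1, 1)}
EVOLVED = {(22, 4): (3, 8), (23, 2): (2, 5), (23, 4): (2, 6),
           (24, 2): (2, 2), (24, 4): (2, 0), (25, 2): (1, 1)}

# Assumption: standard releases only, e.g. 23.2R2-S5 or 22.4R3-S8.5-EVO.
# A trailing build number (".5") is accepted and ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one version."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"  # special builds need manual review
    train = (int(m.group(1)), int(m.group(2)))
    release = (int(m.group(3)), int(m.group(4) or 0))
    table = EVOLVED if m.group(5) else JUNOS
    if train < min(table):
        return "affected"  # "all versions before" the oldest listed fix
    if train not in table:
        return "not-listed"  # train absent from the list: do not guess
    fixed = table[train]
    if fixed is None or release < fixed:
        return "affected"
    return "fixed"


def triage(inventory: dict) -> dict:
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"edge-1": "21.4R3-S11", "edge-2": "21.4R3-S12",
              "core-1": "22.2R3-S7", "relay-1": "24.4R1-S2-EVO",
              "lab-1": "22.3R1", "lab-2": "23.4X1"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host:8} {sample[host]:16} {status}")
```

Trains that the list does not mention are reported as `not-listed` rather than guessed, so they can be checked against the vendor advisory by hand.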
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2025-09-23T18:19:06.955Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69694e761ab3796b105000ee
Added to database: 1/15/2026, 8:30:46 PM
Last enriched: 1/15/2026, 8:49:31 PM
Last updated: 1/16/2026, 12:08:10 AM