CVE Alert: CVE-2025-59975 – Juniper Networks – Junos Space
CVE-2025-59975
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS). After continuously flooding the system with inbound connection requests, all available file handles become consumed, blocking access to the system via SSH and the web user interface (WebUI), resulting in a management interface DoS. A manual reboot of the system is required to restore functionality. This issue affects Junos Space:
- all versions before 22.2R1 Patch V3,
- from 23.1 before 23.1R1 Patch V3.
AI Summary Analysis
Risk verdict
High risk: an unauthenticated network attacker can deny service to the appliance's management interfaces (WebUI and SSH), and recovery requires a manual reboot. Patching is urgent wherever the Junos Space HTTP interface is reachable from untrusted networks. Active exploitation is not currently indicated.
Why this matters
A DoS at the management plane takes down WebUI and SSH access to Junos Space, which hinders monitoring, configuration changes and incident response for every device it manages. Because no credentials are required, an attacker can exhaust the appliance's file handles repeatedly; each time, an operator must reboot the system manually to restore access, disrupting network operations for as long as the source is not blocked.
Most likely attack path
An attacker floods the httpd API endpoint with inbound connection requests over the network; no credentials or user interaction are needed. Each connection consumes a file handle, and once all are used SSH and the WebUI stop accepting sessions. Any host that can reach the management interface can do this, and the outage persists until the appliance is manually rebooted (and can be repeated immediately afterwards unless the source is filtered). The high availability impact (A:H) combined with no privileges required makes successful impact likely wherever the interface is publicly reachable.
Who is most exposed
Organisations running Junos Space (an on-prem or hybrid management appliance) with its HTTP API reachable from untrusted networks are most exposed, especially where the management interface is internet-facing or not filtered to known administrator hosts.
Detection ideas
- Spike in inbound API requests to management endpoints and abnormal httpd resource usage
- Rapid CPU/memory consumption and depletion of file handles (httpd open-file count climbing toward the system limit; errors such as "too many open files")
- WebUI/SSH unavailability followed by reboot or service restart events
- Logs showing repeated, unauthenticated API activity against management interfaces
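The first and last detection ideas above, turned into a runnable check. This is an added example written for this page, not Juniper's code. It assumes that httpd writes the Apache combined log format, that Junos Space API paths start with /api/, and a hypothetical threshold of 50 API requests from one source within 10 seconds; the log lines are constructed for illustration.

```python
"""Flag API request floods against a Junos Space httpd from access-log lines.

Added example, not Juniper code. Assumptions: Apache combined log format,
API paths under /api/, and hypothetical flood thresholds. Sample log lines
are constructed, not captured from a real appliance.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format (assumed for the Junos Space httpd).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Hypothetical thresholds: more than 50 API hits from one source in 10 seconds.
WINDOW = timedelta(seconds=10)
THRESHOLD = 50


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_flooders(lines, window=WINDOW, threshold=THRESHOLD, api_prefix="/api/"):
    """Sliding-window count of API requests per source IP.

    Returns {ip: peak_requests_seen_in_window} for every source that exceeded
    the threshold at any point.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(api_prefix):
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop entries older than the window
            q.popleft()
        if len(q) > threshold:
            peak[rec["ip"]] = max(peak.get(rec["ip"], 0), len(q))
    return peak


def unauthenticated_api_hits(lines, api_prefix="/api/"):
    """Count per-source API requests the server rejected as unauthenticated (401/403)."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].startswith(api_prefix) and rec["status"] in (401, 403):
            counts[rec["ip"]] += 1
    return dict(counts)


def build_sample_log():
    """Constructed sample: one source sends 120 unauthenticated API requests in
    six seconds while a legitimate admin makes five authenticated calls."""
    base = datetime.strptime("01/Oct/2025:10:00:00 +0000", TS_FMT)
    lines = []
    for i in range(120):
        ts = (base + timedelta(milliseconds=50 * i)).strftime(TS_FMT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /api/space/device-management/devices HTTP/1.1" 401 0')
    for i in range(5):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(f'10.0.0.5 - admin [{ts}] "GET /api/space/device-management/devices HTTP/1.1" 200 5120')
    return lines


if __name__ == "__main__":
    sample = build_sample_log()
    print("flooding sources:", find_flooders(sample))
    print("unauthenticated API hits:", unauthenticated_api_hits(sample))
```

One caveat worth building in: once file handles are exhausted, httpd may no longer be able to write its own log, so the access log can go quiet exactly when the attack succeeds. Pair this log-side check with upstream telemetry (firewall or flow records for connection counts toward the management address) so that a sudden silence from the appliance is itself an alert.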
Mitigation and prioritisation
- Apply the fixed releases: 22.2R1 Patch V3, 23.1R1 Patch V3, 24.1R1 or newer
- Implement strict access controls: ACLs/firewall filters limiting inbound access to the Junos Space HTTPS/API and SSH ports to trusted administrator hosts and jump hosts
- Enable rate limiting and anomaly detection on API endpoints
- Consider network-level mitigations (WAF, NDR) and reduce attack surface
- Plan change management to patch in a maintenance window; verify backups and take a baseline after remediation
- If the CVE is added to CISA KEV or its EPSS score rises, escalate to priority 1; absent those signals, keep it as a high-priority remediation.