Juniper Networks has rolled out a sweeping set of security patches addressing more than 200 vulnerabilities in its Junos Space and Security Director platforms, including nine rated as critical.
The networking giant released the updates as part of its regular October 2025 security advisories, marking one of its largest patch cycles to date. The company confirmed that Junos Space version 24.1R4 and its Patch V1 include fixes for a range of high-impact flaws that could expose systems to remote code execution, denial-of-service (DoS) attacks, and data exposure risks.
Among the fixes are 24 cross-site scripting (XSS) vulnerabilities, including a critical one tracked as CVE-2025-59978 with a CVSS score of 9.0. This flaw could allow an attacker to embed malicious scripts in text pages, potentially executing commands on a user’s system with administrative privileges.
Patch V1 also resolves 162 unique CVEs, nine of which are classified as critical. These include CVE-2019-12900, CVE-2023-38408, CVE-2024-3596, CVE-2024-27280, CVE-2024-35845, CVE-2024-47538, CVE-2024-47607, and CVE-2024-47615. Several of these vulnerabilities stem from third-party software components used in Junos Space.
Beyond the critical flaws, Juniper addressed multiple high- and medium-severity bugs that could allow attackers to perform actions such as downloading arbitrary files, bypassing security controls, or disrupting operations. The list includes a high-severity DoS issue and HTTP parameter pollution bugs that could be leveraged to interfere with normal system behavior.
Security updates also extended to Junos Space Security Director, which received patches for three high-severity and fifteen medium-severity vulnerabilities. A separate fix was issued for a high-severity flaw in Security Director Policy Enforcer, further strengthening Juniper’s cloud-based management systems.
For Junos OS and Junos OS Evolved, the updates addressed two high-severity DoS vulnerabilities and several medium-severity issues that might let attackers gain unauthorized access, modify files, or even create backdoors.
Juniper stated that, as of now, there are no reports of active exploitation of these vulnerabilities. However, the company strongly urges users to apply the patches immediately, noting that no workarounds exist for most of the identified flaws.
This large-scale update reinforces Juniper Networks’ ongoing efforts to enhance security resilience across its infrastructure management tools, particularly as enterprise networks continue to face growing cyber threats targeting critical control systems.
