{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-59961","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2025-09-23T18:19:06.955Z","datePublished":"2026-01-15T20:14:43.508Z","dateUpdated":"2026-01-15T21:08:37.387Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"21.2R3-S10","status":"affected","version":"0","versionType":"semver"},{"lessThan":"21.4R3-S12","status":"affected","version":"21.4","versionType":"semver"},{"lessThan":"22.2*","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.4R3-S8","status":"affected","version":"22.4","versionType":"semver"},{"lessThan":"23.2R2-S5","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S6","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R2-S2","status":"affected","version":"24.2","versionType":"semver"},{"lessThan":"24.4R2","status":"affected","version":"24.4","versionType":"semver"},{"lessThan":"25.2R1-S1, 25.2R2","status":"affected","version":"25.2","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"22.4R3-S8-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"23.2R2-S5-EVO","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S6-EVO","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R2-S2-EVO","status":"affected","version":"24.2","versionType":"semver"},{"lessThan":"24.4R2-EVO","status":"affected","version":"24.4","versionType":"semver"},{"lessThan":"25.2R1-S1-EVO, 25.2R2-EVO","status":"affected","version":"25.2","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

To be affected by this issue, a device must be configured with either:

[ forwarding-options dhcp-relay group <group-name> interface ... ]

or

[ system services dhcp-local-server group <group-name> interface ... ]\n\n
"}],"value":"To be affected by this issue, a device must be configured with either:\n\n [ forwarding-options dhcp-relay group interface ... ]\nor\n\n [ system services dhcp-local-server group interface ... ]"}],"datePublic":"2026-01-14T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.

This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.

This issue affects:
Junos OS:

Junos OS Evolved:
"}],"value":"An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.\n\nThis vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.\n\nThis issue affects:\n Junos OS: \n * all versions before 21.2R3-S10,\n * all versions of 22.2,\n * from 21.4 before 21.4R3-S12,\n * from 22.4 before 22.4R3-S8,\n * from 23.2 before 23.2R2-S5, \n * from 23.4 before 23.4R2-S6, \n * from 24.2 before 24.2R2-S2, \n * from 24.4 before 24.4R2, \n * from 25.2 before 25.2R1-S1, 25.2R2; \n\n\n\nJunos OS Evolved: \n * all versions before 22.4R3-S8-EVO, \n * from 23.2 before 23.2R2-S5-EVO, \n * from 23.4 before 23.4R2-S6-EVO, \n * from 24.2 before 24.2R2-S2-EVO, \n * from 24.4 before 24.4R2-EVO, \n * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"YES","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":6.8,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"GREEN","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:L/AU:Y/R:A/V:C/RE:M/U:Green","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-732","description":"CWE-732 Incorrect Permission Assignment for Critical Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2026-01-15T20:14:43.508Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/"},{"tags":["vendor-advisory"],"url":"https://kb.juniper.net/JSA103150"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue:

Junos OS: 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.
Junos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.
"}],"value":"The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."}],"source":{"advisory":"JSA103150","defect":["1877468"],"discovery":"INTERNAL"},"title":"Junos OS and Junos OS Evolved: Unix socket used to control the jdhcpd process is world-writable","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Manually change permissions of the Unix socket used to control the jdhcpd server to only allow root access. For example:

root@junos> file change-permission filename /mfs/var/run/jdhcpd_mgmt permission 4700\n\n

Note: This change will not be persistent across reboots."}],"value":"Manually change permissions of the Unix socket used to control the jdhcpd server to only allow root access. For example:\n\nroot@junos> file change-permission filename /mfs/var/run/jdhcpd_mgmt permission 4700\n\n\n\nNote: This change will not be persistent across reboots."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-15T21:08:29.604883Z","id":"CVE-2025-59961","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-15T21:08:37.387Z"}}]}}