Threat Advisory

Juniper Fixes XSS and GStreamer OOB-Write Vulnerabilities

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Juniper Networks has fixed critical vulnerabilities in its Junos Space network management software. These flaws are part of a Junos OS, Junos Space, and Security Director.

  • CVE-2025-59978: A cross-site scripting (XSS) vulnerability in Juniper Junos Space lets attackers inject script tags into web pages; when viewed, these run with the viewer’s administrative privileges, enabling command execution and potential full system compromise. It affects versions before 24.1R4. This vulnerability has been assigned a CVSS score of 9.0.
  • CVE-2024-47615: An out-of-bounds (OOB) write in GStreamer's gst_parse_vorbis_setup_packet lets an attacker overwrite up to 380 bytes of memory because the size of an input-supplied array is not checked. This vulnerability has been assigned a CVSS score of 8.6.
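
The bug class behind CVE-2024-47615, an input-supplied count used to index a fixed-size array without a bounds check, is shown below next to its hardened form. This is an added illustration, not GStreamer's code: the structure, function names, MODE_SLOTS value and sample packet are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODE_SLOTS 16 /* constructed capacity, not GStreamer's real value */

/* Hypothetical, simplified parser state; not GStreamer's structure. */
struct stream_state {
    uint8_t  mode_sizes[MODE_SLOTS];
    uint32_t serial; /* neighbouring field an overflow would clobber */
};

/* Vulnerable pattern: the entry count is read from the packet and trusted. */
int parse_modes_unchecked(struct stream_state *st, const uint8_t *pkt, size_t len)
{
    if (len < 1) return -1;
    size_t count = pkt[0];                  /* input-controlled */
    for (size_t i = 0; i < count; i++)      /* never compared to MODE_SLOTS */
        st->mode_sizes[i] = pkt[1 + i] & 1; /* can write past the array */
    return (int)count;
}

/* Hardened form: bound the count by the destination and by the input. */
int parse_modes_checked(struct stream_state *st, const uint8_t *pkt, size_t len)
{
    if (st == NULL || pkt == NULL || len < 1) return -1;
    size_t count = pkt[0];
    if (count > MODE_SLOTS) return -1;      /* would overflow mode_sizes */
    if (count > len - 1) return -1;         /* would read past the packet */
    for (size_t i = 0; i < count; i++)
        st->mode_sizes[i] = pkt[1 + i] & 1;
    return (int)count;
}

int main(void)
{
    struct stream_state st = { .serial = 0xABCD1234u };
    uint8_t oversized[64];                  /* constructed packet */
    memset(oversized, 1, sizeof oversized);
    oversized[0] = 40;                      /* claims 40 entries, 16 fit */
    printf("checked parser returned %d, serial intact: %s\n",
           parse_modes_checked(&st, oversized, sizeof oversized),
           st.serial == 0xABCD1234u ? "yes" : "no");
    return 0;
}
```

The unchecked function is never called here; the checked one rejects the oversized packet before any write, so the adjacent field is left untouched.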

RECOMMENDATION:

  • We strongly recommend you update Junos Space to version 24.1R4 or later to address CVE-2025-59978.
  • We strongly recommend you update GStreamer to version 1.24.10 to address CVE-2024-47615.

REFERENCES:

The following reports contain further technical details:
