Forwarded by the National Information Security Information Sharing and Analysis Center (NISAC-200-202510-00000030)

[Content Description]
Researchers have discovered a stored cross-site scripting vulnerability (CVE-2025-59978) in Juniper Junos Space. An authenticated remote attacker could exploit this vulnerability to inject malicious scripts into web pages. When a user browses to an affected page, the malicious script will execute in their browser, allowing the attacker to execute unauthorized commands with administrator privileges. Please verify and patch this vulnerability as soon as possible.

[Affected Platforms]
Junos Space versions prior to 24.1R4

[Recommended Action]
Officials have released a fix for this vulnerability. Please refer to the official instructions for the update:
https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-59978
2. https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release