A Missing Authentication for Critical Function...

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.

If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one.

This issue affects Security Director Policy Enforcer:

All versions before 23.1R1 Hotpatch v3.

This issue does not affect Junos Space Security Director Insights.

References

Published by the National Vulnerability Database Oct 9, 2025

Published to the GitHub Advisory Database Oct 9, 2025

Last updated Oct 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS overall score

CVSS v4 base metrics

Exploitability Metrics

Vulnerable System Impact Metrics

Subsequent System Impact Metrics

CVSS v4 base metrics

Exploitability Metrics

Vulnerable System Impact Metrics

Subsequent System Impact Metrics

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Missing Authentication for Critical Function

CVE ID

GHSA ID

Source code

Uh oh!