Warning: Critical (CVE-2025-6549) Unauthorized Access Vulnerability in Junos OS Web Server on SRX Series, Allowing Network-Based Attackers Access to J-Web, Patch Immediately!

Published: 11/07/2025
  • Last update:
  • Affected software:
    → Junos OS: all versions before 21.4R3-S9
    → Junos OS: 22.2 versions before 22.2R3-S5
    → Junos OS: 22.4 versions before 22.4R3-S5
    → Junos OS: 23.2 versions before 23.2R2-S3
    → Junos OS: 23.4 versions before 23.4R2-S5
    → Junos OS: 24.2 versions before 24.2R2
  • Type: Incorrect Authorization
  • CVE/CVSS
    → CVE-2025-6549: CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Sources

https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-J-Web-can-be-exposed-on-additional-interfaces-CVE-2025-6549?language=en_US

Risks

Successful exploitation of this vulnerability in various versions of Junos OS enables a network-based attacker, without authentication, to access the Juniper Web Device Manager (J-Web).

This vulnerability has a significant impact on confidentiality and integrity.

CVE-2025-6549 poses a significant risk because it affects Juniper SRX Series firewalls, which are commonly deployed as critical perimeter security devices in enterprise and service provider environments.

As of 11-07-2025, there is no evidence of this vulnerability being actively exploited.

Description

This critical vulnerability enables attackers to:

  • Access the J-Web management interface without valid credentials.
  • Perform unauthorized configuration changes or view sensitive settings.
  • Expand their access within the network management plane.
  • Undermine firewall integrity and weaken perimeter security.
  • Potentially chain with other exploits to escalate privileges or persist in the environment.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
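To turn the affected-software list above into a check that can be run against a device inventory, here is an added example (not code from the CCB or from Juniper) that parses Junos release strings, compares them against the fixed releases named in this advisory, and sorts a constructed sample inventory into affected, fixed and unlisted hosts; trains the advisory does not mention are reported as unlisted rather than guessed.

```python
import re

# First fixed release per train, copied from the advisory's affected-software
# list; anything earlier in that train is affected. The 21.4 entry also covers
# every older train ("all versions before 21.4R3-S9").
FIXED_RELEASES = {
    "21.4": "21.4R3-S9", "22.2": "22.2R3-S5", "22.4": "22.4R3-S5",
    "23.2": "23.2R2-S3", "23.4": "23.4R2-S5", "24.2": "24.2R2",
}
# MAJOR.MINOR R<release> [-S<service>]; other suffix styles are rejected, not guessed.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?$")

def parse_junos_version(version: str) -> tuple:
    """'22.4R3-S2' -> (22, 4, 3, 2); a missing -S suffix counts as S0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version string: {version!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)

def is_affected(version: str):
    """True/False per the advisory's list; None when the train is not listed."""
    parsed = parse_junos_version(version)
    if parsed[:2] < (21, 4):
        return True  # older than the 21.4 train: "all versions before 21.4R3-S9"
    fixed = FIXED_RELEASES.get(f"{parsed[0]}.{parsed[1]}")
    return None if fixed is None else parsed < parse_junos_version(fixed)

def triage_inventory(inventory: str) -> dict:
    """Sort '<hostname> <version>' lines into affected / fixed / unlisted hosts."""
    buckets = {"affected": [], "fixed": [], "unlisted": []}
    for line in inventory.strip().splitlines():
        host, version = line.split()
        state = is_affected(version)
        key = "unlisted" if state is None else ("affected" if state else "fixed")
        buckets[key].append(host)
    return buckets

# Constructed sample inventory: hostnames and versions are made up for the demo.
SAMPLE_INVENTORY = """\
srx-edge-01 21.4R3-S8
srx-edge-02 21.4R3-S9
srx-dc-01 22.4R3-S2
srx-dc-02 24.2R1-S1
srx-lab-01 22.3R1
"""

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts reported as unlisted still need to be checked against the vendor bulletin, since the version list reproduced here says nothing about those trains.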

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://www.tenable.com/cve/CVE-2025-6549