Juniper Networks patches nearly 220 security flaws in quarterly October 2025 update

Juniper Networks has released its quarterly schedule for October 2025, patching nearly 220 vulnerabilities in multiple products including Junos OS, Junos OS Evolved, Junos Space, and Security Director platforms. 

Junos Space version 24.1R4 was released to patch 24 cross-site scripting vulnerabilities that could allow attackers to compromise the platform's security. The most severe of these flaws is tracked as CVE-2025-59978 (CVSS score 9.0), a critical-severity stored cross-site scripting vulnerability that enables attackers to embed malicious script tags within text pages.

Juniper then released Junos Space 24.1R4 Patch V1, which contains fixes for 162 unique Common Vulnerabilities and Exposures, representing the bulk of the security updates in this quarterly cycle. 

Critical flaws patched:

• CVE-2019-12900 (CVSS score 9.8)
• CVE-2023-38408 (CVSS score 9.8)
• CVE-2024-3596 (CVSS score 9.0)
• CVE-2024-27280 (CVSS score 9.8)
• CVE-2024-35845 (CVSS score 9.1)
• CVE-2024-47538 (CVSS score 9.8)
• CVE-2024-47607 (CVSS score 9.8)
• CVE-2024-47615 (CVSS score 9.8)
• CVE-2025-59978 (CVSS score 9.0)

Beyond the critical-severity vulnerabilities, the Junos Space updates also resolve one high-severity denial-of-service vulnerability that could be exploited to disrupt system availability and cause operational interruptions. 

Juniper Networks reports that while the company is not currently aware of active exploitation of these vulnerabilities in real-world attacks. Organizations using affected Juniper products should update their products as a matter of priority. 

Users of affected Juniper products can access detailed technical information about each resolved vulnerability, including specific affected versions, patched versions, and any available workarounds or mitigation strategies through the company's support portal.