CVE-2025-11198

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.

If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker’s uploaded image to VMware NSX instead of a legitimate one.

This issue affects Security Director Policy Enforcer:  

* All versions before 23.1R1 Hotpatch v3.

This issue does not affect Junos Space Security Director Insights.

More information : https://supportportal.juniper.net/JSA103437