CVE-2025-52987

MEDIUM6.1

Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

Published Jan 15, 2026

Modified Yesterday

No fix available

Details

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control.

This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

References

ADVISORYhttps://kb.juniper.net/JSA103145 ADVISORYhttps://supportportal.juniper.net/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-52987

CVSS Analysis

CVSS v4.0

5.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

LowSC:L

Subseq. Integrity

LowSI:L

Subseq. Availability

NoneSA:N

5.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M

Weakness Type (CWE)

Other

CWE-1021

Ecosystems

Timeline

PublishedJan 15, 2026

ModifiedJan 15, 2026