Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-52987 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2025-52987

CVE-2025-52987

MEDIUM6.1

Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

Published Jan 15, 2026

Modified 1 months ago

Details

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control.

This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

References

https://kb.juniper.net/JSA103145

https://supportportal.juniper.net/

https://www.cve.org/CVERecord?id=CVE-2025-52987

CVSS Analysis

CVSS v4.0

5.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

LowSC:L

Subseq. Integrity

LowSI:L

Subseq. Availability

NoneSA:N

5.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedJan 15, 2026

ModifiedJan 16, 2026