CVE-2025-52987 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-52987 PUBLISHED CVSS 6.099999904632568 MEDIUM

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control. This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

EPSS 0.01% · 1.9th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.01%

1.9th percentile

Affected Products

Vendor	Product	Versions
Juniper Networks	Paragon Automation (Pathfinder, Planner, Insights)	0
juniper	paragon_automation	0

Timeline

Nov 1, 2025 PoC Published
Jan 15, 2026 CVE Published
Jan 16, 2026 EPSS Score
Jan 16, 2026 CVE Updated
Jan 18, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 23, 2026 EPSS Score
Jan 25, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 30, 2026 EPSS Score
Feb 1, 2026 EPSS Score
Feb 4, 2026 EPSS Score

References

https://supportportal.juniper.net/ vendor-advisory
https://kb.juniper.net/JSA103145 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-52987 advisory
https://supportportal.juniper.net url

Open in Interactive Console →