vulnerability
Juniper Junos OS: 2026-01 Security Bulletin: Junos OS and Junos OS Evolved: Unix socket used to control the jdhcpd process is world-writable (JSA103150) (CVE-2025-59961)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:C/A:N) | Jan 14, 2026 | Jan 27, 2026 | Jan 27, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:C/A:N)
Published
Jan 14, 2026
Added
Jan 27, 2026
Modified
Jan 27, 2026
Description
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.This issue affects:Junos OS:
Solution
juniper-junos-os-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.