CVE-2025-52954
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: Juniper Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | juniper_networks_junos_os_evolved | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved. It allows a local, low-privileged user who can send packets over the internal VRF to execute arbitrary Junos commands and modify the system configuration, effectively gaining root privileges and compromising the system.
How can this vulnerability impact me?
The vulnerability can lead to a complete system compromise by allowing a low-privileged local user to escalate their privileges to root. This means unauthorized users could execute arbitrary commands and change system configurations, potentially disrupting operations, exposing sensitive data, or causing other security breaches.