CVE-2025-52983
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: Juniper Networks, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_os | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-446 | The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a user interface (UI) discrepancy (CWE-446) in Juniper Networks Junos OS on VM Host systems that allows a network-based, unauthenticated attacker to access the device. Specifically, on VM Host Routing Engines, even after the configured public key for root access has been removed from the configuration, remote users who possess the corresponding private key can still log in as root, although the configuration indicates that the key is no longer authorized.
How can this vulnerability impact me?
This vulnerability can allow unauthorized remote users to gain root access to affected Junos OS VM Host systems, potentially leading to full control over the device. This can result in unauthorized configuration changes, data breaches, or disruption of network services.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Junos OS on VM Host systems to a fixed version. Specifically, update to versions 22.2R3-S7 or later, 22.4R3-S5 or later, 23.2R2-S3 or later, 23.4R2-S3 or later, or 24.2R1-S2 or later. Removing the configured public key for root alone is insufficient; applying the patch or upgrading to a fixed version is necessary to prevent unauthorized root access.