CVE-2025-52985
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-18
Assigner: Juniper Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_os_evolved | 23.4r2-s3-evo |
| juniper | junos_os_evolved | 24.2r2-evo |
| juniper | junos_os_evolved | 23.2r2-s3-evo |
| juniper | junos_os_evolved | 24.4-evo |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-480 | The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Use of Incorrect Operator issue in the Routing Engine firewall of Juniper Networks Junos OS Evolved. It allows an unauthenticated, network-based attacker to bypass security restrictions when a firewall filter applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list' that contains more than 10 entries. In this case, the prefix list does not match, and packets destined to or from the local device are not filtered, effectively bypassing the firewall rules.
How can this vulnerability impact me?
This vulnerability can allow an unauthenticated attacker to bypass security restrictions on the affected Junos OS Evolved devices. This means that packets to or from the local device may not be filtered as intended, potentially allowing unauthorized access or malicious traffic to pass through the firewall, which could lead to compromise of the device or network.
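A defensive check for the condition described in the first answer, added here as an example (not from this page or from Juniper): it scans configuration in `show configuration | display set` form for filters applied to lo0 or a management interface that use `from prefix-list` with a list of more than 10 entries. The sample configuration and every name in it are constructed, and the script assumes the re:mgmt interface appears under names such as `re0:mgmt-0`.

```python
import re
from collections import defaultdict

LIMIT = 10  # per the description: lists with more than 10 entries fail to match
PL = re.compile(r"^set policy-options prefix-list (\S+) (\S+)")
REF = re.compile(r"^set firewall (?:family (\S+) )?filter (\S+) term \S+ from prefix-list (\S+)")
APPLY = re.compile(r"^set interfaces (\S+) unit \d+ family (\S+) filter (?:in|out)put(?:-list)? (\S+)")
LOCAL = re.compile(r"^(lo0|re\d*:mgmt)")  # assumption: re:mgmt is named like re0:mgmt-0

def audit(config_text):
    """Return sorted (interface, filter, prefix_list, entry_count) tuples at risk."""
    entries, refs, applied = defaultdict(set), defaultdict(set), defaultdict(set)
    for line in map(str.strip, config_text.splitlines()):
        if m := PL.match(line):
            if m.group(2) != "apply-path":  # dynamic lists cannot be counted offline
                entries[m.group(1)].add(m.group(2))
        elif m := REF.match(line):
            # Filters are scoped per family; "set firewall filter X" is family inet.
            refs[(m.group(1) or "inet", m.group(2))].add(m.group(3))
        elif (m := APPLY.match(line)) and LOCAL.match(m.group(1)):
            applied[(m.group(2), m.group(3))].add(m.group(1))
    return sorted(
        (ifname, flt[1], pl, len(entries[pl]))
        for flt, ifnames in applied.items()
        for ifname in ifnames
        for pl in refs.get(flt, ())
        if len(entries[pl]) > LIMIT
    )

# Constructed sample configuration (not taken from the page or a real device).
SAMPLE = "\n".join(
    [f"set policy-options prefix-list MGMT-HOSTS 192.0.2.{i}/32" for i in range(1, 13)]
    + [f"set policy-options prefix-list NTP-SERVERS 198.51.100.{i}/32" for i in range(1, 4)]
    + [
        "set firewall family inet filter PROTECT-RE term ssh from prefix-list MGMT-HOSTS",
        "set firewall family inet filter PROTECT-RE term ntp from prefix-list NTP-SERVERS",
        "set firewall family inet filter EDGE-IN term mgmt from prefix-list MGMT-HOSTS",
        "set interfaces lo0 unit 0 family inet filter input PROTECT-RE",
        "set interfaces re0:mgmt-0 unit 0 family inet filter input PROTECT-RE",
        "set interfaces et-0/0/1 unit 0 family inet filter input EDGE-IN",
    ]
)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("at risk: %s filter=%s prefix-list=%s entries=%d" % finding)
```

Lists populated through `apply-path` are skipped because their size is only known on the running device, so those need to be checked there.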