CVE-2025-59957
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-09

Last updated on: 2025-10-14

Assigner: Juniper Networks, Inc.

Description
An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS onΒ EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system. When a device isn't configured with a root password, an attacker can modify a specific file. It's contents will be added to the Junos configuration of the device without being visible. This allows for the addition of any configuration unknown to the actual operator,Β which includes users, IP addresses and other configuration which could allow unauthorized access to the device. This exploit is persistent across reboots and even zeroization. The indicator of compromise is a modified /etc/config/<platform>-defaults[-flex].conf file. Review that file for unexpected configuration statements, or compare it to an unmodified version which can beΒ extracted from the original Juniper software image file. For details on the extraction procedure please contact Juniper Technical Assistance Center (JTAC). To restore the device to a trusted initial configuration the system needs to be reinstalled from physical media.Β  This issue affects Junos OS on EX4600 Series and QFX5000 Series: * All versions before 21.4R3, * 22.2 versions before 22.2R3-S3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-09
Last Modified
2025-10-14
Generated
2026-05-07
AI Q&A
2025-10-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59957
EUVD
EUVD-2025-33400
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
juniper junos_os 22.2r3-s3
juniper junos_os 21.4r3
juniper junos_os *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Origin Validation Error in Juniper Networks Junos OS on EX4600 and QFX5000 Series devices. If the device is not configured with a root password, an unauthenticated attacker with physical access can modify a specific file (/etc/config/<platform>-defaults[-flex].conf). The modified file's contents are silently added to the device's configuration, allowing the attacker to add unauthorized users, IP addresses, or other configurations. This backdoor persists across reboots and even after zeroization, effectively giving the attacker complete control over the system.


How can this vulnerability impact me? :

This vulnerability can allow an attacker with physical access to create a persistent backdoor on the affected device, granting them complete control over the system. This includes unauthorized access through added users or IP addresses, potentially leading to data breaches, network compromise, and disruption of services. The backdoor remains even after device reboots or zeroization, making it difficult to detect and remove without reinstalling the system from physical media.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by reviewing the /etc/config/<platform>-defaults[-flex].conf file on the affected device for unexpected configuration statements or by comparing it to an unmodified version extracted from the original Juniper software image. Specific commands are not provided, but inspecting the contents of this file for unauthorized changes is the recommended approach.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include ensuring the device is configured with a root password to prevent unauthorized modification of the configuration file. If the device is already compromised, restoring the device to a trusted initial configuration by reinstalling the system from physical media is necessary.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart