cvelistv5 - cve-2025-52989

CVE-2025-52989 (GCVE-0-2025-52989)

Vulnerability from cvelistv5

Published

2025-07-11 15:10

Modified

2025-07-15 19:55

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/R:U/RE:M

CWE

CWE-140 - Improper Neutralization of Delimiters

Summary

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration. This issue affects: Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S5-EVO, * 24.2-EVO versions before 24.2R2-S1-EVO * 24.4-EVO versions before 24.4R2-EVO.

References

►

URL

Tags

sirt@juniper.net

https://supportportal.juniper.net/JSA100096

Impacted products

Vendor

Product

Version

►

Juniper Networks

Junos OS

Version: 0   ≤
Version: 22.4   ≤
Version: 23.2   ≤
Version: 23.4   ≤
Version: 24.2   ≤
Version: 24.4   ≤

Juniper Networks

Junos OS Evolved

Version: 0   ≤
Version: 23.2-EVO   ≤
Version: 23.4-EVO   ≤
Version: 24.2-EVO   ≤
Version: 24.4-EVO   ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T16:04:20.634737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T19:55:03.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.2R3-S7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S7",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S1",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1-S2, 24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S7-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S5-EVO",
              "status": "affected",
              "version": "23.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S1-EVO",
              "status": "affected",
              "version": "24.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vincent Szurma (vszurma) \u2013 Independent IT and Security Consultant"
        }
      ],
      "datePublic": "2025-07-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\u0026nbsp;can change any part of the device configuration.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.2R3-S7,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2, 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e23.4-EVO versions before 23.4R2-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.2-EVO versions before 24.2R2-S1-EVO\u003c/span\u003e\n\n\u003cbr\u003e\u003c/li\u003e\u003cli\u003e24.4-EVO versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\n\n\n\nA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\u00a0can change any part of the device configuration.\n\n\n\n\nThis issue affects:\n\n\u00a0Junos OS:\u00a0\n\n\n\n  *  all versions before 22.2R3-S7,\n  *  22.4 versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S4,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO,\u00a0\n  *  24.2-EVO versions before 24.2R2-S1-EVO\n\n\n\n  *  24.4-EVO versions before 24.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/R:U/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-140",
              "description": "CWE-140 Improper Neutralization of Delimiters",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T15:10:47.204Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA100096"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R2-EVO, 25.2R1-EVO;\u003cbr\u003eJunos OS: 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2-S1, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R2-EVO, 25.2R1-EVO;\nJunos OS: 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2-S1, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA100096",
        "defect": [
          "1860340"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/p\u003e\u003cp\u003eUtilize CLI authorization to disallow the execution of the \u0027\u003cstrong\u003eannotate\u003c/strong\u003e\u0027 command.\u003c/p\u003e"
            }
          ],
          "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow the execution of the \u0027annotate\u0027 command."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-52989",
    "datePublished": "2025-07-11T15:10:47.204Z",
    "dateReserved": "2025-06-23T18:23:44.546Z",
    "dateUpdated": "2025-07-15T19:55:03.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52989\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-07-11T16:15:26.367\",\"lastModified\":\"2025-07-15T13:14:49.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\\n\\n\\n\\nA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\u00a0can change any part of the device configuration.\\n\\n\\n\\n\\nThis issue affects:\\n\\n\u00a0Junos OS:\u00a0\\n\\n\\n\\n  *  all versions before 22.2R3-S7,\\n  *  22.4 versions before 22.4R3-S7,\\n  *  23.2 versions before 23.2R2-S4,\\n  *  23.4 versions before 23.4R2-S4,\\n  *  24.2 versions before 24.2R2-S1,\\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\\n\\n\\n\\n\\nJunos OS Evolved:\\n\\n\\n\\n  *  all versions before 22.4R3-S7-EVO,\\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\\n  *  23.4-EVO versions before 23.4R2-S5-EVO,\u00a0\\n  *  24.2-EVO versions before 24.2R2-S1-EVO\\n\\n\\n\\n  *  24.4-EVO versions before 24.4R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores en la interfaz de usuario de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local autenticado con privilegios elevados modifique la configuraci\u00f3n del sistema. Un usuario con permisos limitados de configuraci\u00f3n y confirmaci\u00f3n, mediante un comando de anotaci\u00f3n de configuraci\u00f3n manipulado espec\u00edficamente, puede modificar cualquier parte de la configuraci\u00f3n del dispositivo. Este problema afecta a: Junos OS: * todas las versiones anteriores a 22.2R3-S7, * versiones 22.4 anteriores a 22.4R3-S7, * versiones 23.2 anteriores a 23.2R2-S4, * versiones 23.4 anteriores a 23.4R2-S4, * versiones 24.2 anteriores a 24.2R2-S1, * versiones 24.4 anteriores a 24.4R1-S2, 24.4R2; Junos OS Evolved: * todas las versiones anteriores a 22.4R3-S7-EVO, * versiones 23.2-EVO anteriores a 23.2R2-S4-EVO, * versiones 23.4-EVO anteriores a 23.4R2-S5-EVO, * versiones 24.2-EVO anteriores a 24.2R2-S1-EVO * versiones 24.4-EVO anteriores a 24.4R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"USER\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-140\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA100096\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52989\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-11T16:04:20.634737Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T16:04:28.819Z\"}}], \"cna\": {\"title\": \"Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration\", \"source\": {\"defect\": [\"1860340\"], \"advisory\": \"JSA100096\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Vincent Szurma (vszurma) \\u2013 Independent IT and Security Consultant\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 6.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/R:U/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.2R3-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R3-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2\", \"lessThan\": \"24.2R2-S1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4\", \"lessThan\": \"24.4R1-S2, 24.4R2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.4R3-S7-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2-EVO\", \"lessThan\": \"23.2R2-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4-EVO\", \"lessThan\": \"23.4R2-S5-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2-EVO\", \"lessThan\": \"24.2R2-S1-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4-EVO\", \"lessThan\": \"24.4R2-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\nJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R2-EVO, 25.2R1-EVO;\\nJunos OS: 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2-S1, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R2-EVO, 25.2R1-EVO;\u003cbr\u003eJunos OS: 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2-S1, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2025-07-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA100096\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\\n\\nUtilize CLI authorization to disallow the execution of the \u0027annotate\u0027 command.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eUse access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003c/p\u003e\u003cp\u003eUtilize CLI authorization to disallow the execution of the \u0027\u003cstrong\u003eannotate\u003c/strong\u003e\u0027 command.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\\n\\n\\n\\nA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\\u00a0can change any part of the device configuration.\\n\\n\\n\\n\\nThis issue affects:\\n\\n\\u00a0Junos OS:\\u00a0\\n\\n\\n\\n  *  all versions before 22.2R3-S7,\\n  *  22.4 versions before 22.4R3-S7,\\n  *  23.2 versions before 23.2R2-S4,\\n  *  23.4 versions before 23.4R2-S4,\\n  *  24.2 versions before 24.2R2-S1,\\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\\n\\n\\n\\n\\nJunos OS Evolved:\\n\\n\\n\\n  *  all versions before 22.4R3-S7-EVO,\\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\\n  *  23.4-EVO versions before 23.4R2-S5-EVO,\\u00a0\\n  *  24.2-EVO versions before 24.2R2-S1-EVO\\n\\n\\n\\n  *  24.4-EVO versions before 24.4R2-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\u0026nbsp;can change any part of the device configuration.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.2R3-S7,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2, 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e23.4-EVO versions before 23.4R2-S5-EVO,\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e24.2-EVO versions before 24.2R2-S1-EVO\u003c/span\u003e\\n\\n\u003cbr\u003e\u003c/li\u003e\u003cli\u003e24.4-EVO versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-140\", \"description\": \"CWE-140 Improper Neutralization of Delimiters\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-07-11T15:10:47.204Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52989\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-15T19:55:03.872Z\", \"dateReserved\": \"2025-06-23T18:23:44.546Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-07-11T15:10:47.204Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-52989

Vulnerability from fkie_nvd

Published

2025-07-11 16:15

Modified

2025-07-15 13:14

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Summary

References

▶	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA100096

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\n\n\n\nA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\u00a0can change any part of the device configuration.\n\n\n\n\nThis issue affects:\n\n\u00a0Junos OS:\u00a0\n\n\n\n  *  all versions before 22.2R3-S7,\n  *  22.4 versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S4,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO,\u00a0\n  *  24.2-EVO versions before 24.2R2-S1-EVO\n\n\n\n  *  24.4-EVO versions before 24.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de delimitadores en la interfaz de usuario de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local autenticado con privilegios elevados modifique la configuraci\u00f3n del sistema. Un usuario con permisos limitados de configuraci\u00f3n y confirmaci\u00f3n, mediante un comando de anotaci\u00f3n de configuraci\u00f3n manipulado espec\u00edficamente, puede modificar cualquier parte de la configuraci\u00f3n del dispositivo. Este problema afecta a: Junos OS: * todas las versiones anteriores a 22.2R3-S7, * versiones 22.4 anteriores a 22.4R3-S7, * versiones 23.2 anteriores a 23.2R2-S4, * versiones 23.4 anteriores a 23.4R2-S4, * versiones 24.2 anteriores a 24.2R2-S1, * versiones 24.4 anteriores a 24.4R1-S2, 24.4R2; Junos OS Evolved: * todas las versiones anteriores a 22.4R3-S7-EVO, * versiones 23.2-EVO anteriores a 23.2R2-S4-EVO, * versiones 23.4-EVO anteriores a 23.4R2-S5-EVO, * versiones 24.2-EVO anteriores a 24.2R2-S1-EVO * versiones 24.4-EVO anteriores a 24.4R2-EVO."
    }
  ],
  "id": "CVE-2025-52989",
  "lastModified": "2025-07-15T13:14:49.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.2,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-11T16:15:26.367",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA100096"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-140"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}

ghsa-23x4-8x8q-6443

Vulnerability from github

Published

2025-07-11 18:30

Modified

2025-07-11 18:30

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/R:U/RE:M

Details

A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration.

This issue affects:

Junos OS:

all versions before 22.2R3-S7,
22.4 versions before 22.4R3-S7,
23.2 versions before 23.2R2-S4,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R2-S1,
24.4 versions before 24.4R1-S2, 24.4R2;

Junos OS Evolved:

all versions before 22.4R3-S7-EVO,
23.2-EVO versions before 23.2R2-S4-EVO,
23.4-EVO versions before 23.4R2-S5-EVO,
24.2-EVO versions before 24.2R2-S1-EVO
24.4-EVO versions before 24.4R2-EVO.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-52989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-140"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-11T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.\n\n\n\nA user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,\u00a0can change any part of the device configuration.\n\n\n\n\nThis issue affects:\n\n\u00a0Junos OS:\u00a0\n\n\n\n  *  all versions before 22.2R3-S7,\n  *  22.4 versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S4,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO,\u00a0\n  *  24.2-EVO versions before 24.2R2-S1-EVO\n\n\n\n  *  24.4-EVO versions before 24.4R2-EVO.",
  "id": "GHSA-23x4-8x8q-6443",
  "modified": "2025-07-11T18:30:34Z",
  "published": "2025-07-11T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52989"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA100096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

wid-sec-w-2025-1519

Vulnerability from csaf_certbund

Published

2025-07-09 22:00

Modified

2025-07-13 22:00

Summary

Juniper JUNOS: Mehrere Schwachstellen ermöglichen Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird. Die Juniper MX-Serie ist eine Produktfamilie von Routern. SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper. Juniper Security Director ermöglicht die Verwaltung und Kontrolle von Sicherheitsrichtlinien für lokale Infrastrukturen über eine zentrale, webbasierte Benutzeroberfläche.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper MX Series, Juniper SRX Series und Juniper Security Director ausnutzen, um Daten zu manipulieren oder offenzulegen, Sicherheitsmaßnahmen zu umgehen, Code auszuführen, einen Denial of Service zu verursachen oder seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- Juniper Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nJuniper Security Director erm\u00f6glicht die Verwaltung und Kontrolle von Sicherheitsrichtlinien f\u00fcr lokale Infrastrukturen \u00fcber eine zentrale, webbasierte Benutzeroberfl\u00e4che.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper MX Series, Juniper SRX Series und Juniper Security Director ausnutzen, um Daten zu manipulieren oder offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Code auszuf\u00fchren, einen Denial of Service zu verursachen oder seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1519 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1519.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1519 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1519"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sortCriteria=date%20descending\u0026f-sf_primarysourcename=Knowledge\u0026f-sf_articletype=Security%20Advisories\u0026numberOfResults=30"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2024-3596 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Vulnerability-in-the-RADIUS-protocol-for-Subscriber-Management-Blast-RADIUS-CVE-2024-3596"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-26466-resolved-in-9-3R2-release vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-CTPView-OpenSSH-vulnerability-CVE-2025-26466-resolved-in-9-3R2-release"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-30661 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Low-privileged-user-can-cause-script-to-run-as-root-leading-to-privilege-escalation-CVE-2025-30661"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52946 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-traceoptions-enabled-receipt-of-malformed-AS-PATH-causes-RPD-crash-CVE-2025-52946"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52947 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-ACX-Series-When-hot-standby-mode-is-configured-for-an-L2-circuit-interface-flap-causes-the-FEB-to-crash"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52948 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Specific-unknown-traffic-pattern-causes-FPC-and-system-to-crash-when-packet-capturing-is-enabled-CVE-2025-52948"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52949 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-environment-receipt-of-a-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-52949"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52950 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-multiple-endpoints-in-web-interface-CVE-2025-52950"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52951 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-IPv6-firewall-filter-fails-to-match-payload-protocol-CVE-2025-52951"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52952 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC-BUILTIN-MPC-1-through-MPC-9-Receipt-and-processing-of-a-malformed-packet-causes-one-or-more-FPCs-to-crash-CVE-2025-52952"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52953 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-unauthenticated-adjacent-attacker-sending-a-valid-BGP-UPDATE-packet-forces-a-BGP-session-reset-CVE-2025-52953"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52954 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-A-low-privileged-user-can-execute-CLI-commands-and-modify-the-configuration-compromise-the-system-CVE-2025-52954"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52955 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-When-jflow-sflow-is-enabled-receipt-of-specific-route-updates-causes-rpd-crash-CVE-2025-52955"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52958 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-route-validation-is-enabled-BGP-connection-establishment-failure-causes-RPD-crash-CVE-2025-52958"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52963 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-A-low-privileged-user-can-disable-an-interface-CVE-2025-52963"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52964 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-BGP-UPDATE-causes-an-rpd-crash-on-devices-with-BGP-multipath-configured-CVE-2025-52964"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52980 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX300-Series-Upon-receiving-a-specific-valid-BGP-UPDATE-message-rpd-will-crash-CVE-2025-52980"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52981 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2025-52981"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52982 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-When-specific-SIP-packets-are-processed-the-MS-MPC-will-crash-CVE-2025-52982"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52983 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-After-removing-ssh-public-key-authentication-root-can-still-log-in-CVE-2025-52983"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52984 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-a-static-route-points-to-an-unreachable-next-hop-and-a-gNMI-query-for-this-route-is-processed-RPD-crashes-CVE-2025-52984"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52985 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-When-a-control-plane-firewall-filter-refers-to-a-prefix-list-with-more-then-10-entries-it-s-not-matching-CVE-2025-52985"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52986 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-RIB-sharding-is-configured-each-time-a-show-command-is-executed-RPD-memory-leaks-CVE-2025-52986"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52988 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Privilege-escalation-via-CLI-command-request-system-logout-CVE-2025-52988"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52989 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Annotate-configuration-command-can-be-used-for-privilege-escalation-CVE-2025-52989"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-6549 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-J-Web-can-be-exposed-on-additional-interfaces-CVE-2025-6549"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin VU#199397 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation",
    "tracking": {
      "current_release_date": "2025-07-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-14T06:25:13.449+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1519",
      "initial_release_date": "2025-07-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-21162, EUVD-2025-21161, EUVD-2025-21160, EUVD-2025-21158, EUVD-2025-21157, EUVD-2025-21165, EUVD-2025-21167, EUVD-2025-21156, EUVD-2025-21155, EUVD-2025-21166, EUVD-2025-21163"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Juniper JUNOS",
                "product": {
                  "name": "Juniper JUNOS",
                  "product_id": "T032362",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Evolved",
                "product": {
                  "name": "Juniper JUNOS Evolved",
                  "product_id": "T042696",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:evolved"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          },
          {
            "category": "product_name",
            "name": "Juniper MX Series",
            "product": {
              "name": "Juniper MX Series",
              "product_id": "918766",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:mx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper SRX Series",
            "product": {
              "name": "Juniper SRX Series",
              "product_id": "T045305",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:srx_service_gateways:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper Security Director",
            "product": {
              "name": "Juniper Security Director",
              "product_id": "T045307",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:security_director:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3596",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2025-26466",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-26466"
    },
    {
      "cve": "CVE-2025-30661",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-30661"
    },
    {
      "cve": "CVE-2025-52946",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52946"
    },
    {
      "cve": "CVE-2025-52947",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52947"
    },
    {
      "cve": "CVE-2025-52948",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52948"
    },
    {
      "cve": "CVE-2025-52949",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52949"
    },
    {
      "cve": "CVE-2025-52950",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52950"
    },
    {
      "cve": "CVE-2025-52951",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52951"
    },
    {
      "cve": "CVE-2025-52952",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52952"
    },
    {
      "cve": "CVE-2025-52953",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52953"
    },
    {
      "cve": "CVE-2025-52954",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52954"
    },
    {
      "cve": "CVE-2025-52955",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52955"
    },
    {
      "cve": "CVE-2025-52958",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52958"
    },
    {
      "cve": "CVE-2025-52963",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52963"
    },
    {
      "cve": "CVE-2025-52964",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52964"
    },
    {
      "cve": "CVE-2025-52980",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52980"
    },
    {
      "cve": "CVE-2025-52981",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52981"
    },
    {
      "cve": "CVE-2025-52982",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52982"
    },
    {
      "cve": "CVE-2025-52983",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52983"
    },
    {
      "cve": "CVE-2025-52984",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52984"
    },
    {
      "cve": "CVE-2025-52985",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52985"
    },
    {
      "cve": "CVE-2025-52986",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52986"
    },
    {
      "cve": "CVE-2025-52988",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52988"
    },
    {
      "cve": "CVE-2025-52989",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52989"
    },
    {
      "cve": "CVE-2025-6549",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-6549"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-52989 (GCVE-0-2025-52989)

Vulnerability from cvelistv5

fkie_cve-2025-52989

Vulnerability from fkie_nvd

ghsa-23x4-8x8q-6443

Vulnerability from github

wid-sec-w-2025-1519

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature