CVSS: 8.4EPSS: 0%CPEs: 12EXPL: 0CVE-2025-52988 – Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout'
https://notcve.org/view.php?id=CVE-2025-52988
11 Jul 2025 — An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions bef... • https://supportportal.juniper.net/JSA100095 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-6549 – Junos OS: SRX Series: J-Web can be exposed on additional interfaces
https://notcve.org/view.php?id=CVE-2025-6549
11 Jul 2025 — An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: * all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 versions before 22.4R3-S... • https://supportportal.juniper.net/JSA100098 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2025-52989 – Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration
https://notcve.org/view.php?id=CVE-2025-52989
11 Jul 2025 — An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration. This issue affects: Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * ... • https://supportportal.juniper.net/JSA100096 • CWE-140: Improper Neutralization of Delimiters •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-52986 – Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks
https://notcve.org/view.php?id=CVE-2025-52986
11 Jul 2025 — A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task mem... • https://supportportal.juniper.net/JSA100092 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.2EPSS: 0%CPEs: 12EXPL: 0CVE-2025-52984 – Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes
https://notcve.org/view.php?id=CVE-2025-52984
11 Jul 2025 — A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.... • https://supportportal.juniper.net/JSA100090 • CWE-476: NULL Pointer Dereference •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-52983 – Junos OS: After removing ssh public key authentication root can still log in
https://notcve.org/view.php?id=CVE-2025-52983
11 Jul 2025 — A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 vers... • https://supportportal.juniper.net/JSA100089 • CWE-446: UI Discrepancy for Security Feature •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2025-52981 – Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash
https://notcve.org/view.php?id=CVE-2025-52981
11 Jul 2025 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If a sequence of specific PIM packets is received, this will cause a flowd crash and restart. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S... • https://supportportal.juniper.net/JSA100087 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2025-52980 – Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message
https://notcve.org/view.php?id=CVE-2025-52980
11 Jul 2025 — A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6. This issue affects: Junos OS: * 22.1 versions from 22.1R1 before 22.2R3-S4, * 22.3... • https://supportportal.juniper.net/JSA100084 • CWE-198: Use of Incorrect Byte Ordering •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2025-52964 – Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured
https://notcve.org/view.php?id=CVE-2025-52964
11 Jul 2025 — A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send ... • https://supportportal.juniper.net/JSA100080 • CWE-617: Reachable Assertion •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-52963 – Junos OS: A low-privileged user can disable an interface
https://notcve.org/view.php?id=CVE-2025-52963
11 Jul 2025 — An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from ... • https://supportportal.juniper.net/JSA100078 • CWE-284: Improper Access Control •