CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2025-52989 – Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration
https://notcve.org/view.php?id=CVE-2025-52989
11 Jul 2025 — An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration. This issue affects: Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * ... • https://supportportal.juniper.net/JSA100096 • CWE-140: Improper Neutralization of Delimiters •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2025-52986 – Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks
https://notcve.org/view.php?id=CVE-2025-52986
11 Jul 2025 — A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task mem... • https://supportportal.juniper.net/JSA100092 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2025-52985 – Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching
https://notcve.org/view.php?id=CVE-2025-52985
11 Jul 2025 — A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to t... • https://supportportal.juniper.net/JSA100091 • CWE-480: Use of Incorrect Operator •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2025-52953 – Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset
https://notcve.org/view.php?id=CVE-2025-52953
11 Jul 2025 — An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * A... • https://supportportal.juniper.net/JSA100059 • CWE-440: Expected Behavior Violation •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-52954 – Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system
https://notcve.org/view.php?id=CVE-2025-52954
11 Jul 2025 — A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system. This issue affects Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4 before 22.4R3-S7-EVO, * ... • https://supportportal.juniper.net/JSA100060 • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2025-52949 – Junos OS and Junos OS Evolved: In an EVPN environment, receipt of specifically malformed BGP update causes RPD crash
https://notcve.org/view.php?id=CVE-2025-52949
11 Jul 2025 — An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerab... • https://supportportal.juniper.net/JSA100053 • CWE-130: Improper Handling of Length Parameter Inconsistency •