// For flags

CVE-2025-30661

Junos OS: Low-privileged user can cause script to run as root, leading to privilege escalation

Severity Score

8.5
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system. This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. This issue affects Junos OS: * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2. This issue does not affect versions prior to 23.1R2.

*Credits: Juniper SIRT would like to acknowledge and thank Pierre EMERIAUD from Orange group & Orange CERT-CC for responsibly reporting this vulnerability.
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Passive
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Passive
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2025-03-24 CVE Reserved
  • 2025-07-11 CVE Published
  • 2025-07-12 CVE Updated
  • 2025-07-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 23.2 < 23.2R2-S4
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2-S4"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 23.4 < 23.4R2-S5
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R2-S5"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 24.2 < 24.2R2-S1
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 24.2 < 24.2R2-S1"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 24.4 < 24.4R1-S3
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 24.4 < 24.4R1-S3"
en
Affected
Juniper Networks
Search vendor "Juniper Networks"
 Junos OS
Search vendor "Juniper Networks" for product "Junos OS"
 >= 24.4 < 24.4R2
Search vendor "Juniper Networks" for product "Junos OS" and version " >= 24.4 < 24.4R2"
en
Affected