{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-52954","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2025-06-23T13:16:01.410Z","datePublished":"2025-07-11T14:42:02.013Z","dateUpdated":"2026-02-26T17:50:45.463Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"22.2R3-S7-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"22.4R3-S7-EVO","status":"affected","version":"22.4","versionType":"semver"},{"lessThan":"23.2R2-S4-EVO","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S5-EVO","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R2-S1-EVO","status":"affected","version":"24.2","versionType":"semver"},{"lessThan":"24.4R1-S2-EVO, 24.4R2-EVO","status":"affected","version":"24.4","versionType":"semver"}]}],"datePublic":"2025-07-09T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise.
Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system.
This issue affects Junos OS Evolved:
All versions before 22.2R3-S7-EVO,
from 22.4 before 22.4R3-S7-EVO,
from 23.2 before 23.2R2-S4-EVO,
from 23.4 before 23.4R2-S5-EVO,
from 24.2 before 24.2R2-S1-EVO
from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.
"}],"value":"A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise.\n\nAny low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system. \n\nThis issue affects Junos OS Evolved: \n\n\n\n * All versions before 22.2R3-S7-EVO, \n * from 22.4 before 22.4R3-S7-EVO, \n * from 23.2 before 23.2R2-S4-EVO, \n * from 23.4 before 23.4R2-S5-EVO, \n * from 24.2 before 24.2R2-S1-EVO\n * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.5,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2025-07-11T14:44:14.455Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA100060"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue:
Junos OS Evolved: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S2-EVO, 24.4R2-EVO, 25.2R1-EVO and all subsequent releases.
"}],"value":"The following software releases have been updated to resolve this specific issue: \n\nJunos OS Evolved: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S2-EVO, 24.4R2-EVO, 25.2R1-EVO and all subsequent releases."}],"source":{"advisory":"JSA100060","defect":["1765490"],"discovery":"INTERNAL"},"title":"Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.
Grant shell and network permissions only to trusted users. "}],"value":"Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nGrant shell and network permissions only to trusted users."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-52954","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-07-12T03:55:11.784790Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:45.463Z"}}]}}