CVE-2025-21589

EUVD-2025-206381

27.01.2026, 21:15

An Authentication Bypass Using an
Alternate Path or Channel vulnerability in Juniper Networks Session Smart
Router may allows a network-based attacker to bypass authentication
and take administrative control of the device.

This issue affects Session Smart Router: 



  *  from 5.6.7 before 5.6.17, 
  *  from 6.0 before 6.0.8 (affected from 6.0.8),

  *  from 6.1 before 6.1.12-lts, 
  *  from 6.2 before 6.2.8-lts, 
  *  from 6.3 before 6.3.3-r2; 




This issue affects Session Smart Conductor: 



  *  from 5.6.7 before 5.6.17, 
  *  from 6.0 before 6.0.8 (affected from 6.0.8),

  *  from 6.1 before 6.1.12-lts, 
  *  from 6.2 before 6.2.8-lts, 
  *  from 6.3 before 6.3.3-r2; 




This issue affects WAN Assurance Managed Routers: 



  *  from 5.6.7 before 5.6.17, 
  *  from 6.0 before 6.0.8 (affected from 6.0.8),

  *  from 6.1 before 6.1.12-lts, 
  *  from 6.2 before 6.2.8-lts, 
  *  from 6.3 before 6.3.3-r2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
juniper	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Common Weakness Enumeration

CWE-288 - Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References

https://kb.juniper.net/JSA94663

https://support.juniper.net/support/eol/software/ssr/

https://supportportal.juniper.net/