CVE-2025-30650

EUVD-2025-209320

08.04.2026, 19:24

A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved

 as root.

This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:
  *  MPC7, MPC8, MPC9, MPC10, MPC11
  *  LC2101, LC2103
  *  LC480, LC4800, LC9600
  *  MX304 (built-in FPC)
  *  MX-SPC3
  *  SRX5K-SPC3
  *  EX9200-40XS


  *  FPC3-PTX-U2, FPC3-PTX-U3
  *  FPC3-SFF-PTX
  *  LC1101, LC1102, LC1104, LC1105





This issue affects Junos OS: 



  *  all versions before 22.4R3-S8, 
  *  from 23.2 before 23.2R2-S6, 
  *  from 23.4 before 23.4R2-S6, 
  *  from 24.2 before 24.2R2-S3, 
  *  from 24.4 before 24.4R2,
  *  from 25.2 before 25.2R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq

https://kb.juniper.net/JSA107863

https://supportportal.juniper.net/JSA107863