CVE-2025-52983

11.07.2025, 16:15

A UI Discrepancy for Security Feature

vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.



On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root.
This issue affects Junos OS:



  *  all versions before 22.2R3-S7,
  *  22.4 versions before 22.4R3-S5,
  *  23.2 versions before 23.2R2-S3,
  *  23.4 versions before 23.4R2-S3,
  *  24.2 versions before 24.2R1-S2, 24.2R2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
juniper	CNA	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-446 - UI Discrepancy for Security Feature
The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.

Vulnerability Media Exposure

[GERMAN] Juniper JUNOS: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Ein entfernter Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper MX Series, Juniper SRX Series und Juniper Security Director ausnutzen, um Daten zu manipulieren oder offenzulegen, Sicherheitsmaßnahmen zu umgehen, Code auszuführen, einen Denial of Service zu verursachen oder seine Privilegien zu erweitern.
Published: 2025-07-09T22:00:00+00:00

References

https://supportportal.juniper.net/JSA100089

https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/vm-host-overview.html#id-routing-engines-with-vm-host-support