CVE-2025-52989

11.07.2025, 16:15

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.



A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command,can change any part of the device configuration.




This issue affects:

Junos OS:



  *  all versions before 22.2R3-S7,
  *  22.4 versions before 22.4R3-S7,
  *  23.2 versions before 23.2R2-S4,
  *  23.4 versions before 23.4R2-S4,
  *  24.2 versions before 24.2R2-S1,
  *  24.4 versions before 24.4R1-S2, 24.4R2;




Junos OS Evolved:



  *  all versions before 22.4R3-S7-EVO,
  *  23.2-EVO versions before 23.2R2-S4-EVO,
  *  23.4-EVO versions before 23.4R2-S5-EVO,
  *  24.2-EVO versions before 24.2R2-S1-EVO



  *  24.4-EVO versions before 24.4R2-EVO.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
juniper	CNA	5.1 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-140 - Improper Neutralization of Delimiters
The software does not neutralize or incorrectly neutralizes delimiters.

Vulnerability Media Exposure

[GERMAN] Juniper JUNOS: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Ein entfernter Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper MX Series, Juniper SRX Series und Juniper Security Director ausnutzen, um Daten zu manipulieren oder offenzulegen, Sicherheitsmaßnahmen zu umgehen, Code auszuführen, einen Denial of Service zu verursachen oder seine Privilegien zu erweitern.
Published: 2025-07-09T22:00:00+00:00

References

https://supportportal.juniper.net/JSA100096