CVE-2025-21592Sensitive Information Exposure in Networks Junos OS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 84.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 9

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protect

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os22.222.2R3-S5+5
NVDjuniper/junos< 21.4+6

🔴Vulnerability Details

2
GHSA
GHSA-gq7r-crg9-j93x: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Se2025-01-09
CVEList
Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system2025-01-09

📋Vendor Advisories

1
Juniper
CVE-2025-21592: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Se2025-01-09
CVE-2025-21592 — Sensitive Information Exposure | cvebase