CVE-2025-30654

CWE-200Information Exposure4 documents4 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 79.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Juniper Networks Junos OSJuniper Networks Junos OS EvolvedJuniper Junos+1 more
Timeline
PublishedApr 9

Description

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages4 packages

CVEListV5juniper_networks/junos_os_evolved22.2-EVO22.2R3-S6-EVO+4
CVEListV5juniper_networks/junos_os22.222.2R3-S5+4
NVDjuniper/junos< 21.4+5

🔴Vulnerability Details

2
CVEList
Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information2025-04-09
GHSA
GHSA-3v9w-wc2q-vg5f: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolv2025-04-09

📋Vendor Advisories

1
Juniper
CVE-2025-30654: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolv2025-04-09
CVE-2025-30654 (MEDIUM CVSS 6.8) | An Exposure of Sensitive Informatio | cvebase.io