CVE-2025-52954

CWE-862Missing Authorization4 documents4 sources
Severity
8.5HIGH
EPSS
0.0%
top 93.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedJul 11

Description

A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system. This issue affects Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4 before 2

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved22.422.4R3-S7-EVO+5

🔴Vulnerability Details

2
CVEList
Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromising the system2025-07-11
GHSA
GHSA-m3w7-vqq8-286x: A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-pr2025-07-11

📋Vendor Advisories

1
Juniper
CVE-2025-52954: A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-pr2025-07-11
CVE-2025-52954 (HIGH CVSS 8.5) | A Missing Authorization vulnerabili | cvebase.io