CVE-2025-52963

CWE-284Improper Access Control4 documents4 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 94.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 11

Description

An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.421.4R3-S11+7
NVDjuniper/junos< 21.2+8

🔴Vulnerability Details

2
GHSA
GHSA-8qj3-2ph6-53mq: An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down2025-07-11
CVEList
Junos OS: A low-privileged user can disable an interface2025-07-11

📋Vendor Advisories

1
Juniper
CVE-2025-52963: An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down2025-07-11
CVE-2025-52963 (MEDIUM CVSS 6.8) | An Improper Access Control vulnerab | cvebase.io