CVE-2025-52983

CWE-4464 documents4 sources
Severity
8.6HIGH
EPSS
0.2%
top 54.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 11

Description

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os22.422.4R3-S5+4
NVDjuniper/junos< 22.2+5

🔴Vulnerability Details

2
CVEList
Junos OS: After removing ssh public key authentication root can still log in2025-07-11
GHSA
GHSA-9cv5-8rg2-7cch: A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated2025-07-11

📋Vendor Advisories

1
Juniper
CVE-2025-52983: A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated2025-07-11
CVE-2025-52983 (HIGH CVSS 8.6) | A UI Discrepancy for Security Featu | cvebase.io