CVE-2025-52985

CWE-480 | 4 documents | 4 sources

Severity: 6.9 MEDIUM
EPSS: 0.0% (top 91.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11

Description

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filt

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os_evolved - 23.2R2-S3-EVO, 23.2R2-S4-EVO, +3
NVD: juniper/junos_os_evolved - 4 versions, +3

Vulnerability Details (2)

CVEList (2025-07-11): Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching
GHSA (2025-07-11): GHSA-c7mr-h37w-h53j: A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-base

Vendor Advisories (1)

Juniper (2025-07-11): CVE-2025-52985: A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-base