CVE-2025-52989
published 2025-07-11CVE-2025-52989: An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with…
medium6.8CVSS 4.0
AVLACLATNPRHUINVCNVIHVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRUVXREMUX
An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.
A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration.
This issue affects:
Junos OS:
* all versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R1-S2, 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S5-EVO,
* 24.2-EVO versions before 24.2R2-S1-EVO
* 24.4-EVO versions before 24.4R2-EVO.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | < 22.2 | 22.2 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | junos_os_evolved | < 22.4 | 22.4 |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper_networks | junos_os | < 22.2R3-S7 | 22.2R3-S7 |
| juniper_networks | junos_os | >= 22.4 < 22.4R3-S7 | 22.4R3-S7 |
| juniper_networks | junos_os | >= 23.2 < 23.2R2-S4 | 23.2R2-S4 |
| juniper_networks | junos_os | >= 23.4 < 23.4R2-S4 | 23.4R2-S4 |
| juniper_networks | junos_os | >= 24.2 < 24.2R2-S1 | 24.2R2-S1 |
| juniper_networks | junos_os | >= 24.4 < 24.4R1-S2, 24.4R2 | 24.4R1-S2, 24.4R2 |
| juniper_networks | junos_os_evolved | < 22.4R3-S7-EVO | 22.4R3-S7-EVO |
| juniper_networks | junos_os_evolved | >= 23.2-EVO < 23.2R2-S4-EVO | 23.2R2-S4-EVO |
| juniper_networks | junos_os_evolved | >= 23.4-EVO < 23.4R2-S5-EVO | 23.4R2-S5-EVO |
| juniper_networks | junos_os_evolved | >= 24.2-EVO < 24.2R2-S1-EVO | 24.2R2-S1-EVO |
| juniper_networks | junos_os_evolved | >= 24.4-EVO < 24.4R2-EVO | 24.4R2-EVO |