CVE-2025-60006

Severity: 4.8 MEDIUM
EPSS: 0.1% (top 70.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 9

Description

Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker executes crafted CLI commands, the options are processed via a script in some cases. These scripts are not hardened so injected commands might be executed via the shell, which allows an attacker to perform operations, which they

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os_evolved 24.2, 24.2R2-S2-EVO +1
NVD: juniper/junos_os_evolved 24.2, 24.4 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-xcwm-53h2-9xwp: Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Junip (2025-10-09)
CVEList: Junos OS Evolved: OS command injection vulnerabilities fixed (2025-10-09)

📋 Vendor Advisories (1)

Juniper: CVE-2025-60006: Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juni (2025-10-09)