Description

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows an unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation, an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling the attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1.

PUBLISHED Reserved 2025-12-02 | Published 2026-04-09 | Updated 2026-04-14 | Assigner juniper




HIGH: 8.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)

HIGH: 7.0 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/R:U/RE:M)

Problem types

CWE-322 Key Exchange without Entity Authentication

Product status

Default status: unaffected

Any version before 6.1.1: affected

Credits

Juniper SIRT would like to acknowledge and thank the Federal Office for Information Security (BSI) for responsibly reporting this vulnerability. (finder)

References

kb.juniper.net/JSA107862 (vendor-advisory)

cve.org (CVE-2025-13914)

nvd.nist.gov (CVE-2025-13914)
