Home

Description

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.

PUBLISHED Reserved 2025-06-23 | Published 2025-07-11 | Updated 2026-02-26 | Assigner juniper




HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/R:U/RE:M

Problem types

CWE-446 UI Discrepancy for Security Feature

Product status

Default status
unaffected

Any version before 22.2R3-S7
affected

22.4 (semver) before 22.4R3-S5
affected

23.2 (semver) before 23.2R2-S3
affected

23.4 (semver) before 23.4R2-S3
affected

24.2 (semver) before 24.2R1-S2, 24.2R2
affected

References

supportportal.juniper.net/JSA100089 vendor-advisory

www.juniper.net/...de/topics/topic-map/vm-host-overview.html technical-description

cve.org (CVE-2025-52983)

nvd.nist.gov (CVE-2025-52983)

Download JSON