CVE-2025-52954 Information

Description

A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local low-privileged user to gain root privileges leading to a system compromise.

Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration and thus compromise the system. 

This issue affects Junos OS Evolved: 

All versions before 22.2R3-S7-EVO 
from 22.4 before 22.4R3-S7-EVO 
from 23.2 before 23.2R2-S4-EVO 
from 23.4 before 23.4R2-S5-EVO 
from 24.2 before 24.2R2-S1-EVO
from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://supportportal.juniper.net/JSA100060

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH

CNNVD-202507-1659 (Published: 2025-07-11)
