CVE-2025-52983 Information

Jul 12, 2025 cve

Description

A UI Discrepancy for Security Feature

vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based unauthenticated attacker to access the device.

On VM Host Routing Engines (RE) even if the configured public key for root has been removed remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS:

all versions before 22.2R3-S7
22.4 versions before 22.4R3-S5
23.2 versions before 23.2R2-S3
23.4 versions before 23.4R2-S3
24.2 versions before 24.2R1-S2 24.2R2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://supportportal.juniper.net/JSA100089 https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/vm-host-overview.html#id-routing-engines-with-vm-host-support

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2

CNNVD-202507-1668 (Published: 2025-07-11)

Share on:

CVE-2025-52983 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD