CVE-2025-52985 Information

Jul 12, 2025 cve

Description

A Use of Incorrect Operator

vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to bypass security restrictions.

When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with ‘from prefix-list’ and that prefix list contains more than 10 entries the prefix list doesn’t match and packets destined to or from the local device are not filtered.

This issue affects firewall filters applied to the re:mgmt interfaces as input and output but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved:

23.2R2-S3-EVO versions before 23.2R2-S4-EVO
23.4R2-S3-EVO versions before 23.4R2-S5-EVO
24.2R2-EVO versions before 24.2R2-S1-EVO
24.4-EVO versions before 24.4R1-S3-EVO 24.4R2-EVO.

This issue doesn’t not affect Junos OS Evolved versions before 23.2R1-EVO.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://supportportal.juniper.net/JSA100091

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3

CNNVD-202507-1670 (Published: 2025-07-11)

Share on:

CVE-2025-52985 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD