How to fix CVE-2025-30661?

Within 24 hours: Identify and inventory all Juniper devices running affected Junos OS versions (23.2 before 23.2R2-S4, 23.4 before 23.4R2-S5, 24.2 before 24.2R2-S1, 24.4 before 24.4R1-S3/24.4R2) with the specified line card models. Within 7 days: Restrict local file system access to trusted administrators only, disable unnecessary line card functionality if possible, and implement enhanced monitoring for suspicious script activity. Within 30 days: Plan and execute upgrades to patched Junos OS versions as patches become available, or migrate critical traffic to unaffected devices.

Is Junos affected by CVE-2025-30661?

A privilege escalation vulnerability (CVE-2025-30661) in Juniper Junos OS affects specific line card models, allowing local users to gain root-level control of network devices.

CVE-2025-30661

EUVD-2025-21165 HIGH

2025-07-11 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 08:17 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 08:17 euvd

EUVD-2025-21165

CVE Published

Jul 11, 2025 - 15:15 nvd

HIGH 7.3

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system. This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. This issue affects Junos OS: * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2. This issue does not affect versions prior to 23.1R2.

Analysis

A remote code execution vulnerability in line card script processing of Juniper Networks Junos OS allows a local (CVSS 7.3). High severity vulnerability requiring prompt remediation.

Technical Context

CWE-732 (Incorrect Permissions). CVSS 7.3 indicates high severity. Affects line card script processing of Juniper Networks Junos OS allows a local.

Affected Products

['line card script processing of Juniper Networks Junos OS allows a local']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2025-30661 vulnerability details – vuln.today

Back

CVE-2025-30661

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-30661

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code