Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
A UI Discrepancy for Security Feature
vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.
On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS:
- all versions before 22.2R3-S7,
- 22.4 versions before 22.4R3-S5,
- 23.2 versions before 23.2R2-S3,
- 23.4 versions before 23.4R2-S3,
- 24.2 versions before 24.2R1-S2, 24.2R2.
AnalysisAI
CVE-2025-52983 is a critical authentication bypass vulnerability in Juniper Networks Junos OS on VM Host Routing Engines where public keys configured for root access are not properly validated, allowing users possessing the corresponding private key to gain unauthorized root-level access even after the public key has been administratively removed from the system. This network-accessible vulnerability affects multiple Junos OS release branches and requires high privileges to configure but enables complete system compromise once exploited. While the CVSS score of 7.2 reflects significant impact, the practical risk depends on KEV designation and active exploitation status.
Technical ContextAI
The vulnerability resides in the SSH authentication implementation of Juniper Networks Junos OS running on VM Host Routing Engines (RE). The root cause stems from CWE-446 (UI Discrepancy for Security Feature), which indicates a mismatch between the security policy as presented in the user interface and the actual security enforcement at the system level. Specifically, when administrators remove a public key for the root user through the management UI, the underlying authentication mechanism fails to properly invalidate or synchronize this change, allowing SSH authentication to succeed with the corresponding private key despite the public key's removal. This affects CPE entries for Juniper Junos OS across multiple version branches: pre-22.2R3-S7, 22.4 before 22.4R3-S5, 23.2 before 23.2R2-S3, 23.4 before 23.4R2-S3, and 24.2 before 24.2R1-S2/24.2R2. The vulnerability is specific to VM Host configurations, suggesting it may relate to how key material is managed in virtualized routing engine environments versus physical hardware.
RemediationAI
Upgrade to patched versions: Junos OS 22.2R3-S7 or later for 22.2 branch; 22.4R3-S5 or later for 22.4 branch; 23.2R2-S3 or later for 23.2 branch; 23.4R2-S3 or later for 23.4 branch; 24.2R1-S2, 24.2R2, or later for 24.2 branch. Interim mitigations pending patch deployment: (1) restrict SSH access to root user through firewall rules and management interface ACLs; (2) rotate root private keys and regenerate public keys on affected systems; (3) audit SSH logs for unauthorized root access attempts and successful logins; (4) disable SSH root login if operationally feasible, using alternative authentication mechanisms for privileged access; (5) implement network-level authentication/2FA solutions if available. Consult Juniper Networks security advisory JSA-related documentation for exact patch filenames and deployment procedures. Verify patch applicability to VM Host configurations specifically before applying.
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fe
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an
An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21147