Skip to main content

Juniper EUVDEUVD-2025-209320

| CVE-2025-30650 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-04-08 juniper
8.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:01 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
24.2R2-S3,23.4R2-S6,23.2R2-S6
EUVD ID Assigned
Apr 08, 2026 - 19:31 euvd
EUVD-2025-209320
Analysis Generated
Apr 08, 2026 - 19:31 vuln.today
CVE Published
Apr 08, 2026 - 17:26 nvd
HIGH 8.4

DescriptionCVE.org

A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved

as root.

This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:

  • MPC7, MPC8, MPC9, MPC10, MPC11
  • LC2101, LC2103
  • LC480, LC4800, LC9600
  • MX304 (built-in FPC)
  • MX-SPC3
  • SRX5K-SPC3
  • EX9200-40XS
  • FPC3-PTX-U2, FPC3-PTX-U3
  • FPC3-SFF-PTX
  • LC1101, LC1102, LC1104, LC1105

This issue affects Junos OS:

  • all versions before 22.4R3-S8,
  • from 23.2 before 23.2R2-S6,
  • from 23.4 before 23.4R2-S6,
  • from 24.2 before 24.2R2-S3,
  • from 24.4 before 24.4R2,
  • from 25.2 before 25.2R2.

AnalysisAI

Privilege escalation in Juniper Networks Junos OS allows high-privileged local attackers to gain root access on Linux-based line cards running Junos OS Evolved. Missing authentication in critical command processing functions enables authenticated administrators with elevated privileges to bypass access controls and execute commands as root on affected hardware modules including MPC7-11, LC2101/2103, LC480/4800/9600, MX304 built-in FPC, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and PTX-series line cards. No public exploit identified at time of analysis.

Technical ContextAI

CWE-306 authentication bypass in command processing subsystem permits privileged local users to interact with Linux-based forwarding plane cards without proper credential verification. Attack requires local access vector with high privileges (CVSS PR:H), exploiting missing authentication controls in inter-process communication channels between control plane (Junos OS) and data plane components (Junos OS Evolved on line cards).

RemediationAI

Vendor-released patches: upgrade to Junos OS 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, or 25.2R2 depending on active release train. Prioritize systems with affected Linux-based line cards listed in affected products. Implement least-privilege access controls to limit high-privilege local account usage until patching completes. Monitor administrative session logs for anomalous command execution on forwarding plane components. Apply role-based access restrictions to reduce attack surface from privileged accounts. Official advisory: https://supportportal.juniper.net/JSA107863 and https://kb.juniper.net/JSA107863. Security research context: https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq

CVE-2015-7755 CRITICAL POC
9.8 Dec 19

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r

CVE-2025-21590 MEDIUM
6.7 Mar 12

A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: acti

CVE-2023-36845 CRITICAL POC
9.8 Aug 17

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all

CVE-2013-6618 CRITICAL POC
9.0 Nov 05

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,

CVE-2017-10622 CRITICAL
9.8 Oct 13

An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote un

CVE-2018-20193 HIGH POC
8.8 Dec 21

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by

CVE-2014-6380 HIGH POC
7.8 Oct 14

Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor

CVE-2021-0253 HIGH POC
7.8 Apr 22

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al

CVE-2021-0252 HIGH POC
7.8 Apr 22

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow

CVE-2019-0053 HIGH POC
7.8 Jul 11

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe

CVE-2023-22415 HIGH POC
7.5 Jan 13

An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba

CVE-2022-22223 HIGH POC
7.5 Oct 18

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P

Share

EUVD-2025-209320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy