Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-52954

A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise.

Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system.

This issue affects Junos OS Evolved:

All versions before 22.2R3-S7-EVO,
from 22.4 before 22.4R3-S7-EVO,
from 23.2 before 23.2R2-S4-EVO,
from 23.4 before 23.4R2-S5-EVO,
from 24.2 before 24.2R2-S1-EVO
from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.

Published: Jul 11, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-52954
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-862

Affected Software
References

No affected software listed.

https://supportportal.juniper.net/JSA100060

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo