Vulnerability Description
A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system. This issue affects Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4 before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S5-EVO, * from 24.2 before 24.2R2-S1-EVO * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos Os Evolved | < 22.2 |
Related Weaknesses (CWE)
References
- https://supportportal.juniper.net/JSA100060Vendor Advisory
FAQ
What is CVE-2025-52954?
CVE-2025-52954 is a vulnerability with a CVSS score of 7.8 (HIGH). A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to ...
How severe is CVE-2025-52954?
CVE-2025-52954 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52954?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos Os Evolved.