Vulnerability Description
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | < 22.2 |
Related Weaknesses (CWE)
References
- https://supportportal.juniper.net/JSA100089Vendor Advisory
- https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgradeTechnical Description
FAQ
What is CVE-2025-52983?
CVE-2025-52983 is a vulnerability with a CVSS score of 7.2 (HIGH). A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Rout...
How severe is CVE-2025-52983?
CVE-2025-52983 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52983?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos.