Vulnerability Description
An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration. This issue affects: Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S5-EVO, * 24.2-EVO versions before 24.2R2-S1-EVO * 24.4-EVO versions before 24.4R2-EVO.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | < 22.2 |
| Juniper | Junos Os Evolved | < 22.4 |
Related Weaknesses (CWE)
References
- https://supportportal.juniper.net/JSA100096Vendor Advisory
FAQ
What is CVE-2025-52989?
CVE-2025-52989 is a vulnerability with a CVSS score of 5.1 (MEDIUM). An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system conf...
How severe is CVE-2025-52989?
CVE-2025-52989 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52989?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Junos Os Evolved.