Improper Isolation in Junos OS by Juniper Networks Allows Local Privilege Escalation
CVE-2025-21590

6.7 MEDIUM

Key Information:

Status
Vendor
CVE Published: 12 March 2025

Badges

📈 Score: 537 | 💰 Ransomware | 👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-21590?

CVE-2025-21590 is a vulnerability identified in Junos OS, an operating system developed by Juniper Networks that is widely used in network devices such as routers and switches. This vulnerability arises from improper isolation within the kernel, enabling a local attacker with high privileges to compromise the device's integrity. If exploited, the attacker can inject arbitrary code, potentially causing severe disruptions and degrading the overall security posture of affected organizations.

Technical Details

This vulnerability exists in various versions of Junos OS, specifically those prior to 21.2R3-S9 and several other subsequent releases. It is categorized as a local privilege escalation vulnerability, meaning the attacker must already have high-privileged access to the device, such as shell access, to exploit the weakness. Notably, the issue is not exploitable via the Junos command-line interface, which limits the attack vectors. Organizations using affected versions of Junos OS need to be vigilant about their deployed systems and ensure they are updated to the latest secure versions to mitigate risk.

Potential Impact of CVE-2025-21590

  1. Compromise of Device Integrity: Attackers can inject arbitrary code, allowing them to alter device configurations or manipulate network traffic. This can lead to unauthorized changes that may facilitate further attacks or continuous intrusions.

  2. Increased Attack Surface: By gaining high-level access to the device, attackers could pivot to other critical systems on the network, escalating the impact of the breach beyond the initial target.

  3. Potential for Data Breaches: The ability to manipulate or redirect network traffic may result in data being intercepted or exfiltrated, leading to significant data breaches and loss of sensitive information for affected organizations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Junos OS 0 < 21.2R3-S9

Junos OS 21.4 < 21.4R3-S10

Junos OS 22.2 < 22.2R3-S6

News Articles

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

2 weeks ago

Juniper patches bug that let Chinese cyberspies backdoor routers

Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access.

3 weeks ago

Juniper MX routers targeted by China-nexus threat group using custom backdoors

The devices have reached end-of-life status and need to be upgraded, as the company has issued in a security advisory.

3 weeks ago

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V4

Score: 6.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 💰 Used in Ransomware

  • 🦅 CISA Reported

  • 👾 Exploit known to exist

  • 📰 First article discovered by Cybersecurity Dive

  • Vulnerability published

  • Vulnerability Reserved

Credit

Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability.