Local Access Vulnerability in Junos OS for SRX Series by Juniper Networks
CVE-2025-21592

5.5MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos OS
Vendor: CVE Published:; 9 January 2025

Summary

A vulnerability exists in the command-line interface (CLI) of Juniper Networks' Junos OS, impacting SRX Series devices. This issue allows local, low-privileged users access to sensitive files through specific commands, notably 'show services advanced-anti-malware' and 'show services security-intelligence'. Such unauthorized access can lead to the exposure of confidential data, potentially paving the way for further malicious activities.

References

https://supportportal.juniper.net/JSA92860

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2025