Exposure of Sensitive Information in Juniper Networks Junos OS
CVE-2025-30654

6.8MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 9 April 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the User Interface of Juniper Networks Junos OS and Junos OS Evolved allows low-privileged authenticated users to access sensitive information. By executing a specific show mgd command, attackers with limited permissions can retrieve sensitive data, including hashed passwords, which poses a risk for potential unauthorized access and impacts the overall security of the systems involved.

Affected Version(s)

Junos OS 0 < 21.4R3-S10

Junos OS 22.2 < 22.2R3-S5

Junos OS 22.4 < 22.4R3-S5

References

https://supportportal.juniper.net/JSA96464

vendor-advisory

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 9, 2025
Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Mar 24, 2025