OS Command Injection Vulnerability in Juniper Networks Junos OS
CVE-2025-52988
8.4 HIGH
What is CVE-2025-52988?
An OS Command Injection vulnerability exists in the CLI of Juniper Networks Junos OS and Junos OS Evolved. This security flaw permits a local attacker with high privileges to escalate their rights to root level. By supplying specially crafted arguments to the 'request system logout' command, an attacker can execute commands as root in the shell, posing a significant risk of compromising the device. This issue affects multiple versions across both Junos OS and Junos OS Evolved, highlighting the importance of timely updates to protect against potential exploitation.
Affected Version(s)
Junos OS 0 < 21.2R3-S9
Junos OS 21.4 < 21.4R3-S8
Junos OS 22.2 < 22.2R3-S6
CVSS V4
Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
Credit
National Security Agency