Origin Validation Error in Junos OS on Juniper Networks EX4600 and QFX5000 Series
CVE-2025-59957

7 HIGH

Key Information:

CVE Published: 9 October 2025

Badges

👾 Exploit Exists

What is CVE-2025-59957?

An Origin Validation Error in Junos OS on Juniper Networks devices allows an unauthenticated attacker with physical access to create a hidden backdoor, enabling complete control over the system. If the device is misconfigured without a root password, an attacker can modify a crucial system file. This modification adds unauthorized configurations to the Junos settings, potentially allowing access to sensitive information and control without detection. The backdoor remains intact even after reboots or system resets, posing a significant security risk. Affected users should carefully examine the /etc/config/-defaults[-flex].conf file for unauthorized changes and compare it against an untouched version from a secure source. To rectify the issue, reinstallation from trusted physical media is required.

Affected Version(s)

Junos OS EX4600 0 < 21.4R3

Junos OS EX4600 22.2 < 22.2R3-S3

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
