8.5
CVE-2025-30661
- EPSS 0.02%
- Published 11.07.2025 14:38:52
- Last modified 15.07.2025 13:14:49
- Source sirt@juniper.net
An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system.
This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C.
This issue affects Junos OS:
- from 23.2 before 23.2R2-S4,
- from 23.4 before 23.4R2-S5,
- from 24.2 before 24.2R2-S1,
- from 24.4 before 24.4R1-S3, 24.4R2.
This issue does not affect versions prior to 23.1R2.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Juniper Networks
Product: Junos OS
Default status: unaffected
Version | Version < | Status |
---|---|---|
23.2 | 23.2R2-S4 | affected |
23.4 | 23.4R2-S5 | affected |
24.2 | 24.2R2-S1 | affected |
24.4 | 24.4R1-S3, 24.4R2 | affected |
0 | 23.1R2 | unaffected |
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.024 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
sirt@juniper.net | 7.3 | 1.3 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
sirt@juniper.net | 8.5 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:Amber |
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.