8.6

CVE-2025-52983

A UI Discrepancy for Security Feature

vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.



On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root.
This issue affects Junos OS:



  *  all versions before 22.2R3-S7,
  *  22.4 versions before 22.4R3-S5,
  *  23.2 versions before 23.2R2-S3,
  *  23.4 versions before 23.4R2-S3,
  *  24.2 versions before 24.2R1-S2, 24.2R2.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version < 22.2R3-S7
Version 0
Status affected
Version < 22.4R3-S5
Version 22.4
Status affected
Version < 23.2R2-S3
Version 23.2
Status affected
Version < 23.4R2-S3
Version 23.4
Status affected
Version < 24.2R1-S2, 24.2R2
Version 24.2
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.324
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
sirt@juniper.net 8.6 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X
CWE-446 UI Discrepancy for Security Feature

The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.