CVE-2025-52985

EPSS 0.04%
Veröffentlicht 11.07.2025 15:09:58
Zuletzt bearbeitet 18.07.2025 08:15:27
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

A Use of Incorrect Operator

vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.

When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered.


This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output.
This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes.
This issue affects Junos OS Evolved:

  *  23.2R2-S3-EVO versions before 23.2R2-S4-EVO,
  *  23.4R2-S3-EVO versions before 23.4R2-S5-EVO,
  *  24.2R2-EVO versions before 24.2R2-S1-EVO,
  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.


This issue doesn't affect Junos OS Evolved versions before 23.2R1-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerJuniper Networks

≫

Produkt Junos OS Evolved

Default Statusunaffected

Version < 23.2R2-S4-EVO

Version 23.2R2-S3-EVO

Status affected

Version < 23.4R2-S5-EVO

Version 23.4R2-S3-EVO

Status affected

Version < 24.2R2-S1-EVO

Version 24.2R2-EVO

Status affected

Version < 24.4R1-S3-EVO, 24.4R2-EVO

Version 24.4-EVO

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.125

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-480 Use of Incorrect Operator

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

https://supportportal.juniper.net/JSA100091

https://nvd.nist.gov/vuln/detail/CVE-2025-52985

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52985

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52985

EUVD