First published: Wed Mar 12 2025
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI.

This issue affects Junos OS:

* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2.

Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper Junos | | |
Junos OS Evolved | <=21.2 | |
Junos OS Evolved | =21.2-r1 | |
Junos OS Evolved | =21.2-r1-s1 | |
Junos OS Evolved | =21.2-r1-s2 | |
Junos OS Evolved | =21.2-r2 | |
Junos OS Evolved | =21.2-r2-s1 | |
Junos OS Evolved | =21.2-r2-s2 | |
Junos OS Evolved | =21.2-r3 | |
Junos OS Evolved | =21.2-r3-s1 | |
Junos OS Evolved | =21.2-r3-s2 | |
Junos OS Evolved | =21.2-r3-s3 | |
Junos OS Evolved | =21.2-r3-s4 | |
Junos OS Evolved | =21.2-r3-s5 | |
Junos OS Evolved | =21.2-r3-s6 | |
Junos OS Evolved | =21.2-r3-s7 | |
Junos OS Evolved | =21.2-r3-s8 | |
Junos OS Evolved | =21.4 | |
Junos OS Evolved | =21.4-r1 | |
Junos OS Evolved | =21.4-r1-s1 | |
Junos OS Evolved | =21.4-r1-s2 | |
Junos OS Evolved | =21.4-r2 | |
Junos OS Evolved | =21.4-r2-s1 | |
Junos OS Evolved | =21.4-r2-s2 | |
Junos OS Evolved | =21.4-r3 | |
Junos OS Evolved | =21.4-r3-s1 | |
Junos OS Evolved | =21.4-r3-s2 | |
Junos OS Evolved | =21.4-r3-s3 | |
Junos OS Evolved | =21.4-r3-s4 | |
Junos OS Evolved | =21.4-r3-s5 | |
Junos OS Evolved | =21.4-r3-s6 | |
Junos OS Evolved | =21.4-r3-s7 | |
Junos OS Evolved | =21.4-r3-s8 | |
Junos OS Evolved | =21.4-r3-s9 | |
Junos OS Evolved | =22.2 | |
Junos OS Evolved | =22.2-r1 | |
Junos OS Evolved | =22.2-r1-s1 | |
Junos OS Evolved | =22.2-r1-s2 | |
Junos OS Evolved | =22.2-r2 | |
Junos OS Evolved | =22.2-r2-s1 | |
Junos OS Evolved | =22.2-r2-s2 | |
Junos OS Evolved | =22.2-r3 | |
Junos OS Evolved | =22.2-r3-s1 | |
Junos OS Evolved | =22.2-r3-s2 | |
Junos OS Evolved | =22.2-r3-s3 | |
Junos OS Evolved | =22.2-r3-s4 | |
Junos OS Evolved | =22.2-r3-s5 | |
Junos OS Evolved | =22.4 | |
Junos OS Evolved | =22.4-r1 | |
Junos OS Evolved | =22.4-r1-s1 | |
Junos OS Evolved | =22.4-r1-s2 | |
Junos OS Evolved | =22.4-r2 | |
Junos OS Evolved | =22.4-r2-s1 | |
Junos OS Evolved | =22.4-r2-s2 | |
Junos OS Evolved | =22.4-r3 | |
Junos OS Evolved | =22.4-r3-s1 | |
Junos OS Evolved | =22.4-r3-s2 | |
Junos OS Evolved | =22.4-r3-s3 | |
Junos OS Evolved | =22.4-r3-s4 | |
Junos OS Evolved | =22.4-r3-s5 | |
Junos OS Evolved | =23.2 | |
Junos OS Evolved | =23.2-r1 | |
Junos OS Evolved | =23.2-r1-s1 | |
Junos OS Evolved | =23.2-r1-s2 | |
Junos OS Evolved | =23.2-r2 | |
Junos OS Evolved | =23.2-r2-s1 | |
Junos OS Evolved | =23.2-r2-s2 | |
Junos OS Evolved | =23.4 | |
Junos OS Evolved | =23.4-r1 | |
Junos OS Evolved | =23.4-r1-s1 | |
Junos OS Evolved | =23.4-r1-s2 | |
Junos OS Evolved | =23.4-r2 | |
Junos OS Evolved | =23.4-r2-s1 | |
Junos OS Evolved | =23.4-r2-s2 | |
Junos OS Evolved | =23.4-r2-s3 | |
Junos OS Evolved | =24.2 | |
Junos OS Evolved | =24.2-r1 | |
Junos OS Evolved | =24.2-r1-s1 | |
Junos OS Evolved | =24.2-r2 | |
Juniper JUNOS | <21.2R3-S9, <21.4R3-S10, <22.2R3-S6, <22.4R3-S6, <23.2R2-S3, <23.4R2-S4, <24.2R1-S2, <24.2R2 | |
The following software releases have been updated to resolve this specific issue: 21.2R3-S9*, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4*, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases. * Future Release Note: The complete list of resolved platforms is still under investigation.
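
A fleet-inventory check against the fixed releases listed above, as an added example (not code from the advisory or from Juniper). The function names are hypothetical, and it assumes version strings of the form `YY.NRn[-Sn]` with an optional build suffix; release trains the advisory does not name are reported as `unlisted` for manual review rather than guessed.

```python
import re

# Fixed release per train, copied from the advisory's list of resolved
# releases: (major, minor) -> (R number, S number).
FIXED = {
    (21, 2): (3, 9),
    (21, 4): (3, 10),
    (22, 2): (3, 6),
    (22, 4): (3, 6),
    (23, 2): (2, 3),
    (23, 4): (2, 4),
    (24, 2): (1, 2),   # 24.2R2 also compares as fixed: (2, 0) >= (1, 2)
}
FIRST_CLEAN_TRAIN = (24, 4)  # "24.4R1, and all subsequent releases"

# Assumed input format, e.g. "21.4R3-S9" or "22.4R3-S5.7" (build suffix ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?", re.IGNORECASE)


def parse_junos(version):
    """Split a Junos version into ((major, minor), (release, service))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))


def status(version):
    """Return 'affected', 'fixed' or 'unlisted' for CVE-2025-21590."""
    train, rel = parse_junos(version)
    if train >= FIRST_CLEAN_TRAIN:
        return "fixed"
    if train in FIXED:
        # Numeric tuple comparison, so S10 sorts after S9 (string sort would not).
        return "fixed" if rel >= FIXED[train] else "affected"
    if train < (21, 2):
        return "affected"      # "All versions before 21.2R3-S9"
    return "unlisted"          # train not named in the advisory: check manually


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for host, ver in [("edge-1", "21.4R3-S9"), ("edge-2", "21.4R3-S10"),
                      ("core-1", "24.2R1-S1"), ("core-2", "22.3R3")]:
        print(f"{host:8} {ver:12} {status(ver)}")
```
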
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CVE-2025-21590 is rated as a high severity vulnerability due to its potential to compromise device integrity through improper isolation.
To mitigate CVE-2025-21590, it is recommended to update Junos OS to the latest version that addresses this vulnerability.
CVE-2025-21590 affects Juniper Networks Junos OS versions up to 24.2R2, including specific versions prior to this.
CVE-2025-21590 can be exploited by a local attacker with high privileges to inject arbitrary code that compromises the device.
Yes, CVE-2025-21590 has been publicly disclosed, allowing organizations to take necessary precautions and updates.