medium
6.8
CWE
200
Advisory Published
Updated

CVE-2025-30654: Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information

First published: Wed Apr 09 2025(Updated: )

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information.  Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system. This issue affects Junos OS:  * All versions before 21.4R3-S10, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3. Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S3-EVO.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Juniper JUNOS<21.4R3-S10>22.2<22.2R3-S5>22.4<22.4R3-S5>23.2<23.2R2-S3>23.4<23.4R2-S3
Juniper Networks Junos OS<21.4R3-S10-EVO>22.2-EVO<22.2R3-S6-EVO>22.4-EVO<22.4R3-S5-EVO>23.2-EVO<23.2R2-S3-EVO>23.4-EVO<23.4R2-S3-EVO

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S10, 22.2R3-S6, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1, and all subsequent releases. Junos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S3-EVO, 24.2R1-EVO, and all subsequent releases.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2025-30654?

    CVE-2025-30654 is classified as a medium severity vulnerability due to the exposure of sensitive information to low-privileged authenticated users.

  • How do I fix CVE-2025-30654?

    To mitigate CVE-2025-30654, upgrade Junos OS or Junos OS Evolved to the latest version that addresses the vulnerability.

  • Who is affected by CVE-2025-30654?

    CVE-2025-30654 affects users of Juniper Networks Junos OS and Junos OS Evolved, particularly low-privileged authenticated users.

  • What type of information is exposed in CVE-2025-30654?

    CVE-2025-30654 allows access to sensitive information potentially impacting the confidentiality of data in the system.

  • Can CVE-2025-30654 be exploited remotely?

    No, CVE-2025-30654 requires local access and authenticated credentials to exploit the vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203