CVE-2025-52983

7.2 HIGH
Published: July 11, 2025 Modified: January 23, 2026
View on NVD

Description

A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://supportportal.juniper.net/JSA100089
Source: sirt@juniper.net
Vendor Advisory
https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/vm-host-overview.html#id-routing-engines-with-vm-host-support
Source: sirt@juniper.net
Technical Description

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.2 / 10.0
EPSS (Exploit Probability)
0.2%
40th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-446

Affected Vendors

juniper

Related CVEs

CVE-2026-4783 6.3
CVE-2026-28895 N/A
CVE-2026-28894 N/A
CVE-2026-28893 N/A
CVE-2026-28892 N/A