CVE-2025-21590

Known Exploited
Junos OS: A local attacker with shell access can execute arbitrary code

Description

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI.

This issue affects Junos OS:

  • All versions before 21.2R3-S9,
  • 21.4 versions before 21.4R3-S10,
  • 22.2 versions before 22.2R3-S6,
  • 22.4 versions before 22.4R3-S6,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2-S4,
  • 24.2 versions before 24.2R1-S2, 24.2R2.

Remediation

Solution:

  • The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.

    Please note that this issue is not fixed for all platforms in the releases specified in the solution section. For the following products the fix is only available in these releases:

    SRX300 Series: 21.2R3-S9, 23.4R2-S5*, 24.4R1
    SRX550HM: 22.2R3-S7*
    EX4300 Series: 21.4R3-S11* (except EX4300-48MP which has fixes available as indicated in the solution)
    EX4600: 21.4R3-S11* (except EX4650 which has fixes available as indicated in the solution)
    ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX500: 21.2R3-S9
    MX104: 21.2R3-S9

    * Future Release
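To check a device's reported Junos release against the affected ranges and the per-platform exceptions in this advisory, here is an added Python helper; it is not code from the advisory or from Juniper. The release-string format it parses, the platform keys, and the reading of "24.4R1 and all subsequent releases" as open-ended are assumptions; trains the advisory does not name return None rather than a guess.

```python
import re
from typing import Optional
# Assumed format "MAJOR.MINORR<n>[-S<m>]", e.g. "21.2R3-S9" or "24.2R2" (no X/EVO variants).
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?$")

def parse_release(text: str) -> tuple:
    """'21.2R3-S9' -> (21, 2, 3, 9); a missing -S suffix counts as service release 0."""
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {text!r}")
    major, minor, r, s = m.groups()
    return (int(major), int(minor), int(r), int(s or 0))

# First fixed release per train, taken from the advisory's solution list.
FIXED_BY_TRAIN = {
    (21, 2): "21.2R3-S9", (21, 4): "21.4R3-S10", (22, 2): "22.2R3-S6",
    (22, 4): "22.4R3-S6", (23, 2): "23.2R2-S3", (23, 4): "23.4R2-S4",
    (24, 2): "24.2R1-S2", (24, 4): "24.4R1",
}
# Platforms for which the advisory says the fix exists only in these releases
# (some are marked "*" as future releases in the advisory). Keys are assumed labels.
FIXED_BY_PLATFORM = {
    "SRX300": ["21.2R3-S9", "23.4R2-S5", "24.4R1"],
    "SRX550HM": ["22.2R3-S7"],
    "EX4300": ["21.4R3-S11"],  # EX4300-48MP follows the general table instead
    "EX4600": ["21.4R3-S11"],  # EX4650 follows the general table instead
    "ACX1000": ["21.2R3-S9"], "ACX1100": ["21.2R3-S9"], "ACX2100": ["21.2R3-S9"],
    "ACX2200": ["21.2R3-S9"], "ACX4000": ["21.2R3-S9"], "ACX500": ["21.2R3-S9"],
    "MX104": ["21.2R3-S9"],
}
FIRST_FIX = parse_release("21.2R3-S9")
OPEN_ENDED_FIX = parse_release("24.4R1")  # "24.4R1, and all subsequent releases"

def is_affected(release: str, platform: Optional[str] = None) -> Optional[bool]:
    """True = affected, False = fixed, None = train not named in the advisory."""
    v = parse_release(release)
    # "All versions before 21.2R3-S9" also covers every older train.
    if v < FIRST_FIX:
        return True
    if platform in FIXED_BY_PLATFORM:
        # Fixed only on/after a listed platform fix in the same train, or on/after 24.4R1
        # when 24.4R1 is among that platform's listed fixes (assumed reading of the table).
        fixes = [parse_release(f) for f in FIXED_BY_PLATFORM[platform]]
        return not any(v >= f and (v[:2] == f[:2] or f == OPEN_ENDED_FIX) for f in fixes)
    if v >= OPEN_ENDED_FIX:
        return False
    fix = FIXED_BY_TRAIN.get(v[:2])
    if fix is None:
        return None  # e.g. 22.3: the advisory does not list this train
    return v < parse_release(fix)
```

A release string taken from `show version` can be passed straight in; for platforms that have their own row in the exception table, also pass the platform label so the stricter per-platform fix list is applied.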

Workaround:

  • It is strongly recommended to mitigate the risk of exploitation by restricting shell access to trusted users only.

Category

CVSS 6.7 (Severity: Medium)
EPSS 0.96% (Top 25%)
Vendor Advisory: juniper.net
Affected: Juniper Networks Junos OS

Frequently Asked Questions

What is the severity of CVE-2025-21590?
CVE-2025-21590 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21590?
To fix CVE-2025-21590, upgrade to a release that resolves this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, or any subsequent release. Note that this issue is not fixed for all platforms in those releases: for the SRX300 Series, SRX550HM, EX4300 Series (except EX4300-48MP), EX4600 (except EX4650), ACX1000, ACX1100, ACX2100, ACX2200, ACX4000, ACX500 and MX104 the fix is only available in the specific releases listed under Remediation above.
Is CVE-2025-21590 being actively exploited in the wild?
It is confirmed that CVE-2025-21590 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21590?
CVE-2025-21590 affects Juniper Networks Junos OS.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.