CVE-2025-52963

Junos OS: A low-privileged user can disable an interface

Description

An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2.

Remediation

Solution:

The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases.

Workaround:

Utilize CLI authorization to disallow execution of the 'request interface' command. Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.

References

Link	Tags
https://supportportal.juniper.net/JSA100078	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-52963?: CVE-2025-52963 has been scored as a medium severity vulnerability.
How to fix CVE-2025-52963?: To fix CVE-2025-52963: The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases.
Is CVE-2025-52963 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-52963 is being actively exploited.
What software or system is affected by CVE-2025-52963?: CVE-2025-52963 affects Juniper Networks Junos OS.

Description

Remediation

Category

CWE-284 – Improper Access Control

References

Frequently Asked Questions