CVE-2025-52985

Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching

Description

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn't not affect Junos OS Evolved versions before 23.2R1-EVO.

Remediation

Solution:

  • The following software releases have been updated to resolve this specific issue: 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.

Workaround:

  • A workaround for this issue is to refer to the prefix list either with the 'source-prefix-list' or the 'destination-prefix-list' match condition ('from').

Category

6.9
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
Vendor Advisory juniper.net
Affected: Juniper Networks Junos OS Evolved
Published at:
Updated at:

References

Link Tags
https://supportportal.juniper.net/JSA100091 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-52985?
CVE-2025-52985 has been scored as a medium severity vulnerability.
How to fix CVE-2025-52985?
To fix CVE-2025-52985: The following software releases have been updated to resolve this specific issue: 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.
Is CVE-2025-52985 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-52985 is being actively exploited.
What software or system is affected by CVE-2025-52985?
CVE-2025-52985 affects Juniper Networks Junos OS Evolved.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.