vulnerability
Juniper Junos OS: 2025-07 Security Bulletin: Junos OS: After removing ssh public key authentication root can still log in (JSA100089) (CVE-2025-52983)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Jul 9, 2025 | Sep 18, 2025 | Sep 18, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Jul 9, 2025
Added
Sep 18, 2025
Modified
Sep 18, 2025
Description
A UI Discrepancy for Security Feature
vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.
On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root.
This issue affects Junos OS:
* all versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S3,
* 24.2 versions before 24.2R1-S2, 24.2R2.
Solution
juniper-junos-os-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.