CVE-2025-52989

MEDIUM

5.1

Descricao

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration. This issue affects: Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S5-EVO, * 24.2-EVO versions before 24.2R2-S1-EVO * 24.4-EVO versions before 24.4R2-EVO.

Detalhes CVE

Pontuacao CVSS v3.15.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosHIGH

Interacao do usuarioNONE

Publicado7/11/2025

Ultima modificacao1/23/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

juniper:junosjuniper:junos_os_evolved

Fraquezas (CWE)

CWE-140

Referencias

https://supportportal.juniper.net/JSA100096(sirt@juniper.net)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.