CVE-2025-52983

{"id": "CVE-2025-52983", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T16:15:25.523", "references": [{"url": "https://supportportal.juniper.net/JSA100089", "source": "sirt@juniper.net"}, {"url": "https://www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/vm-host-overview.html#id-routing-engines-with-vm-host-support", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-446"}]}], "descriptions": [{"lang": "en", "value": "A UI Discrepancy for Security Feature\n\nvulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.\n\n\n\nOn VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root.\nThis issue affects Junos OS:\n\n\n\n * all versions before 22.2R3-S7,\n * 22.4 versions before 22.4R3-S5,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S3,\n * 24.2 versions before 24.2R1-S2, 24.2R2."}, {"lang": "es", "value": "Una vulnerabilidad de discrepancia en la interfaz de usuario (IU) para la funci\u00f3n de seguridad en la interfaz de usuario de Juniper Networks Junos OS en sistemas host de m\u00e1quina virtual permite que un atacante no autenticado acceda al dispositivo. En los motores de enrutamiento (RE) de host de m\u00e1quina virtual, incluso si se ha eliminado la clave p\u00fablica configurada para root, los usuarios remotos que poseen la clave privada correspondiente a\u00fan pueden iniciar sesi\u00f3n como root. Este problema afecta a Junos OS: * todas las versiones anteriores a 22.2R3-S7, * versiones 22.4 anteriores a 22.4R3-S5, * versiones 23.2 anteriores a 23.2R2-S3, * versiones 23.4 anteriores a 23.4R2-S3, * versiones 24.2 anteriores a 24.2R1-S2 y 24.2R2."}], "lastModified": "2025-07-15T13:14:49.980", "sourceIdentifier": "sirt@juniper.net"}