{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52988", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-06-23T18:23:44.546Z", "datePublished": "2025-07-11T15:11:24.991Z", "dateUpdated": "2025-07-12T03:55:14.636Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S9", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S8", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.2R3-S6", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S6", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S1", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R1-S2, 23.4R2", "status": "affected", "version": "23.4", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.4R3-S6-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "23.2R2-S1-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver"}, {"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO", "status": "affected", "version": "23.4-EVO", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "National Security Agency"}], "datePublic": "2025-07-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.<br><br>When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.<br><p>This issue affects:</p><p>Junos OS:&nbsp;</p><p></p><ul><li>all versions before 21.2R3-S9,</li><li>21.4 versions before 21.4R3-S8,</li><li>22.2 versions before 22.2R3-S6,</li><li>22.3 versions before 22.3R3-S3,</li><li>22.4 versions before 22.4R3-S6,</li><li>23.2 versions before 23.2R2-S1,</li><li>23.4 versions before 23.4R1-S2, 23.4R2;</li></ul><p></p><p>Junos OS Evolved:</p><p></p><ul><li>all versions before 22.4R3-S6-EVO,</li><li>23.2-EVO versions before 23.2R2-S1-EVO,</li><li>23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.</li></ul><p></p>"}], "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.\n\nWhen a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S6,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S1,\n * 23.4 versions before 23.4R1-S2, 23.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S6-EVO,\n * 23.2-EVO versions before 23.2R2-S1-EVO,\n * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2025-07-11T15:11:24.991Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA100095"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,&nbsp;and all subsequent releases;<br>Junos OS: 21.2R3-S9, 21.4R3-S8, 22.2R3-S6, 22.3R3-S3, 22.4R3-S6, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 21.2R3-S9, 21.4R3-S8, 22.2R3-S6, 22.3R3-S3, 22.4R3-S6, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases."}], "source": {"advisory": "JSA100095", "defect": ["1794613"], "discovery": "EXTERNAL"}, "title": "Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout'", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br><br>Utilize CLI authorization to disallow execution of the 'request system logout' command.<br>"}], "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the 'request system logout' command."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-52988"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-12T03:55:14.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52988", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-11T15:34:29.264920Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T15:34:32.579Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout'", "source": {"defect": ["1794613"], "advisory": "JSA100095", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "National Security Agency"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.4, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S9", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S8", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S6", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S6", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S1", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R1-S2, 23.4R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "22.4R3-S6-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R2-S1-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.4-EVO", "lessThan": "23.4R1-S2-EVO, 23.4R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 21.2R3-S9, 21.4R3-S8, 22.2R3-S6, 22.3R3-S3, 22.4R3-S6, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS Evolved: 22.4R3-S6-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO,&nbsp;and all subsequent releases;<br>Junos OS: 21.2R3-S9, 21.4R3-S8, 22.2R3-S6, 22.3R3-S3, 22.4R3-S6, 23.2R2-S1, 23.4R1-S2, 23.4R2, 24.2R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2025-07-09T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA100095", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the 'request system logout' command.", "supportingMedia": [{"type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br><br>Utilize CLI authorization to disallow execution of the 'request system logout' command.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.\n\nWhen a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S6,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S1,\n * 23.4 versions before 23.4R1-S2, 23.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S6-EVO,\n * 23.2-EVO versions before 23.2R2-S1-EVO,\n * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.", "supportingMedia": [{"type": "text/html", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.<br><br>When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.<br><p>This issue affects:</p><p>Junos OS:&nbsp;</p><p></p><ul><li>all versions before 21.2R3-S9,</li><li>21.4 versions before 21.4R3-S8,</li><li>22.2 versions before 22.2R3-S6,</li><li>22.3 versions before 22.3R3-S3,</li><li>22.4 versions before 22.4R3-S6,</li><li>23.2 versions before 23.2R2-S1,</li><li>23.4 versions before 23.4R1-S2, 23.4R2;</li></ul><p></p><p>Junos OS Evolved:</p><p></p><ul><li>all versions before 22.4R3-S6-EVO,</li><li>23.2-EVO versions before 23.2R2-S1-EVO,</li><li>23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.</li></ul><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2025-07-11T15:11:24.991Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52988", "state": "PUBLISHED", "dateUpdated": "2025-07-12T03:55:14.636Z", "dateReserved": "2025-06-23T18:23:44.546Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2025-07-11T15:11:24.991Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.\n\nWhen a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S6,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S1,\n * 23.4 versions before 23.4R1-S2, 23.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S6-EVO,\n * 23.2-EVO versions before 23.2R2-S1-EVO,\n * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comandos del sistema operativo') en la CLI de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local con privilegios elevados escale sus privilegios a root. Cuando un usuario proporciona argumentos espec\u00edficamente manipulados para el comando 'solicitar cierre de sesi\u00f3n del sistema', estos se ejecutar\u00e1n como root en el shell, lo que puede comprometer completamente el dispositivo. Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S9, * versiones 21.4 anteriores a 21.4R3-S8, * versiones 22.2 anteriores a 22.2R3-S6, * versiones 22.3 anteriores a 22.3R3-S3, * versiones 22.4 anteriores a 22.4R3-S6, * versiones 23.2 anteriores a 23.2R2-S1, * versiones 23.4 anteriores a 23.4R1-S2, 23.4R2; Junos OS Evolved: * todas las versiones anteriores a 22.4R3-S6-EVO, * versiones 23.2-EVO anteriores a 23.2R2-S1-EVO, * versiones 23.4-EVO anteriores a 23.4R1-S2-EVO, 23.4R2-EVO."}], "id": "CVE-2025-52988", "lastModified": "2025-07-15T13:14:49.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2025-07-11T16:15:26.187", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA100095"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}