Main Vulnerability Database SB2025021239

SB2025021239 - Authentication bypass in Juniper Session Smart products

Published: February 12, 2025

Security Bulletin ID SB2025021239

Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper authentication (CVE-ID: CVE-2025-21589)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an unspecified error in the authentication process. A remote non-authenticated attacker can bypass authentication and gain administrative access to the device.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589

SB2025021239 - Authentication bypass in Juniper Session Smart products

Breakdown by Severity

Description

Remediation

References

Please verify you're human