CVE-2025-52963

Summary

An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service.

Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS: 

  • All versions before 21.2R3-S9,
  • from 21.4 before 21.4R3-S11,
  • from 22.2 before 22.2R3-S7,
  • from 22.4 before 22.4R3-S7,
  • from 23.2 before 23.2R2-S4,
  • from 23.4 before 23.4R2-S5,  
  • from 24.2 before 24.2R2-S1,
  • from 24.4 before 24.4R1-S3, 24.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 21.2R3-S9affected
Juniper NetworksJunos OS21.4 < 21.4R3-S11affected
Juniper NetworksJunos OS22.2 < 22.2R3-S7affected
Juniper NetworksJunos OS22.4 < 22.4R3-S7affected
Juniper NetworksJunos OS23.2 < 23.2R2-S4affected
Juniper NetworksJunos OS23.4 < 23.4R2-S5affected
Juniper NetworksJunos OS24.2 < 24.2R2-S1affected
Juniper NetworksJunos OS24.4 < 24.4R1-S3, 24.4R2affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

Workarounds

Utilize CLI authorization to disallow execution of the 'request interface' command. Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References