Vulnerability Details : CVE-2025-21590
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.
A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.
This issue is not exploitable from the Junos CLI.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2.
Products affected by CVE-2025-21590
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
CVE-2025-21590 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
CISA required action:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA description:
Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code.
Notes:
https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2025-21590
Added on
2025-03-13
Action due date
2025-04-03
Exploit prediction scoring system (EPSS) score for CVE-2025-21590
0.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2025-21590
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
0.8
|
3.6
|
Juniper Networks, Inc. | 2025-03-12 |
|
6.7
|
MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/V... |
N/A
|
N/A
|
Juniper Networks, Inc. | 2025-03-12 |
CWE ids for CVE-2025-21590
-
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.Assigned by: sirt@juniper.net (Primary)
References for CVE-2025-21590
-
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud BlogThird Party Advisory
-
https://supportportal.juniper.net/JSA93446
2025-03 Out-of-Cycle Security Bulletin: Junos OS: A local attacker with shell access can execute arbitrary code (CVE-2025-21590)Vendor Advisory
Jump to