Platform
juniper
Component
junos
Fixed in
22.4R3-S8
23.2R2-S6
23.4R2-S6
24.2R2-S3
24.4R2
25.2R2
CVE-2025-30650 describes a Missing Authentication vulnerability affecting Juniper Networks Junos OS. This flaw allows a privileged local attacker to gain root access on Linux-based line cards within the system, potentially leading to complete system compromise. The vulnerability impacts various Junos OS versions from 0.0.0 up to and including 25.2R2, specifically affecting line cards like MPC7, LC2101, MX304, and others listed in the vulnerability details. A patch is available in Junos OS 25.2R2.
CVE-2025-30650 in Junos OS affects devices utilizing Linux-based line cards, including MPC7, MPC8, MPC9, MPC10, MPC11, LC2101, LC2103, LC480, LC4800, LC9600, MX304 (integrated FPC), MX-SPC3, SRX5K-SPC3, EX9200-40XS, FPC3-PTX-U2, FPC3-PTX-U3, and FPC3-SF. A privileged local attacker can exploit this missing authentication flaw in command processing to gain root access on these Linux line cards. This could allow the attacker to execute arbitrary commands, access sensitive data, and compromise the device's integrity. The CVSS score is 6.7, indicating a moderate risk.
The vulnerability is exploited through command processing on the Linux-based line cards. A privileged local attacker can send malicious commands that, due to the lack of authentication, are executed with root privileges on the line card. This requires physical or console access to the affected device. Exploitation is relatively straightforward if local access is obtained, increasing the risk. The absence of a KEV does not diminish the need to apply the fix, as the vulnerability is significant.
Exploit Status
EPSS
0.02% (6% percentile)
CISA SSVC
CVSS Vector
Juniper Networks recommends upgrading to Junos OS version 25.2R2 or later to mitigate this vulnerability. The upgrade corrects the missing authentication in command processing that allows unauthorized access. In the interim, limiting local access to Junos OS devices and reviewing security policies is recommended. Monitoring system logs for suspicious activity can also help detect potential exploitation attempts. Although no KEV (Knowledge Engine Vulnerability) is published, the severity of the vulnerability warrants a prioritized update.
Update to a fixed version of Junos OS (22.4R3-S8 or later, 23.2R2-S6 or later, 23.4R2-S6 or later, 24.2R2-S3 or later, 24.4R2 or later, or 25.2R2 or later) to mitigate the vulnerability. Refer to Juniper Networks documentation for detailed instructions on how to update your system.
Vulnerability analysis and critical alerts directly to your inbox.
In Linux systems, 'root' is the user with the highest privileges. Gaining root access allows the attacker to completely control the system.
If you cannot upgrade immediately, limit local access to the device and monitor logs for suspicious activity.
The absence of a KEV does not mean the vulnerability is not real. Juniper may choose not to publish a KEV for various reasons, but the severity of the vulnerability justifies applying the fix.
An attacker could access device configurations, encryption keys, traffic logs, and other sensitive data stored on the line card.
Check the Junos OS version you are running and whether you are using any of the affected line cards listed in the vulnerability description.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.