Juniper Junos OS Remote Code Execution Vulnerability

Release Date: 14 Mar 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability has been identified in Juniper Junos OS. An attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2025-21590 is being exploited in the wild. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. Since the exploitation requires high privileges, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Junos OS All versions before 21.2R3-S9
• Junos OS 21.4 versions before 21.4R3-S10
• Junos OS 22.2 versions before 22.2R3-S6 
• Junos OS 22.4 versions before 22.4R3-S6 
• Junos OS 23.2 versions before 23.2R2-S3 
• Junos OS 23.4 versions before 23.4R2-S4
• Junos OS 24.2 versions before 24.2R1-S2, 24.2R2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US

---

Vulnerability Identifier

• CVE-2025-21590

---

Source

• Juniper Network

---

Related Link

• https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US
• https://www.cisa.gov/news-events/alerts/2025/03/13/cisa-adds-two-known-exploited-vulnerabilities-catalog