CVE-2025-52988

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root. When a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S8, * 22.2 versions before 22.2R3-S6, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S1, * 23.4 versions before 23.4R1-S2, 23.4R2; Junos OS Evolved: * all versions before 22.4R3-S6-EVO, * 23.2-EVO versions before 23.2R2-S1-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA100095

Configurations

No configuration.

History

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 16:15

Updated : 2025-07-15 13:14

NVD link : CVE-2025-52988

Mitre link : CVE-2025-52988

CVE.ORG link : CVE-2025-52988

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-52988", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.4, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-11T16:15:26.187", "references": [{"url": "https://supportportal.juniper.net/JSA100095", "source": "sirt@juniper.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalated their privileges to root.\n\nWhen a user provides specifically crafted arguments to the 'request system logout' command, these will be executed as root on the shell, which can completely compromise the device.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S8,\n * 22.2 versions before 22.2R3-S6,\n * 22.3 versions before 22.3R3-S3,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S1,\n * 23.4 versions before 23.4R1-S2, 23.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S6-EVO,\n * 23.2-EVO versions before 23.2R2-S1-EVO,\n * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('inyecci\u00f3n de comandos del sistema operativo') en la CLI de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante local con privilegios elevados escale sus privilegios a root. Cuando un usuario proporciona argumentos espec\u00edficamente manipulados para el comando 'solicitar cierre de sesi\u00f3n del sistema', estos se ejecutar\u00e1n como root en el shell, lo que puede comprometer completamente el dispositivo. Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S9, * versiones 21.4 anteriores a 21.4R3-S8, * versiones 22.2 anteriores a 22.2R3-S6, * versiones 22.3 anteriores a 22.3R3-S3, * versiones 22.4 anteriores a 22.4R3-S6, * versiones 23.2 anteriores a 23.2R2-S1, * versiones 23.4 anteriores a 23.4R1-S2, 23.4R2; Junos OS Evolved: * todas las versiones anteriores a 22.4R3-S6-EVO, * versiones 23.2-EVO anteriores a 23.2R2-S1-EVO, * versiones 23.4-EVO anteriores a 23.4R1-S2-EVO, 23.4R2-EVO."}], "lastModified": "2025-07-15T13:14:49.980", "sourceIdentifier": "sirt@juniper.net"}