PT-2025-11046 · Juniper Networks · Junos
Published 2025-03-12 · Updated 2026-05-14 · CVE-2025-21590
CVSS v4.0: 6.7 (Medium)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Juniper Junos OS versions prior to 21.2R3-S9
Juniper Junos OS versions 21.4 before 21.4R3-S10
Juniper Junos OS versions 22.2 before 22.2R3-S6
Juniper Junos OS versions 22.4 before 22.4R3-S6
Juniper Junos OS versions 23.2 before 23.2R2-S3
Juniper Junos OS versions 23.4 before 23.4R2-S4
Juniper Junos OS versions 24.2 before 24.2R1-S2 and 24.2R2
Description
An Improper Isolation or Compartmentalization vulnerability exists in the kernel of Juniper Networks Junos OS. It allows a local attacker with high privileges to compromise the integrity of the device by injecting arbitrary code. The issue is not exploitable from the Junos CLI. This vulnerability is actively exploited by the China-linked threat actor UNC3886, which has been deploying customized TINYSHELL backdoors on affected devices since mid-2024. The attackers bypass the Veriexec file integrity system by injecting malicious code into the memory of a trusted process. Federal agencies have been mandated to address this vulnerability by April 3rd.
Recommendations
Juniper Junos OS versions prior to 21.2R3-S9: Upgrade to version 21.2R3-S9 or later.
Juniper Junos OS versions 21.4 before 21.4R3-S10: Upgrade to version 21.4R3-S10 or later.
Juniper Junos OS versions 22.2 before 22.2R3-S6: Upgrade to version 22.2R3-S6 or later.
Juniper Junos OS versions 22.4 before 22.4R3-S6: Upgrade to version 22.4R3-S6 or later.
Juniper Junos OS versions 23.2 before 23.2R2-S3: Upgrade to version 23.2R2-S3 or later.
Juniper Junos OS versions 23.4 before 23.4R2-S4: Upgrade to version 23.4R2-S4 or later.
Juniper Junos OS versions 24.2 before 24.2R1-S2 and 24.2R2: Upgrade to version 24.2R1-S2 or later.
Restrict shell access to trusted users.
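To turn the version ranges above into a repeatable check, here is an added Python example (not part of this advisory and not Juniper's own tooling). It parses Junos version strings of the forms used above, compares each against the first fixed version of its release train, and pulls the running version out of `show version` text. The accepted version grammar (MAJOR.MINOR R n [-S n] [.n]), the `assess` / `parse_version` / `version_from_show_version` names and the `show version` sample are assumptions; Junos Evolved and X-style version strings are rejected with a ValueError rather than guessed at, and trains the advisory does not enumerate (for example 24.4) are reported as "not listed" rather than as fixed.

```python
"""Check Junos OS version strings against the ranges listed for CVE-2025-21590.

Added example: the accepted version grammar (MAJOR.MINOR R n [-S n] [.n]) and
the `show version` sample below are assumptions, not Juniper's own tooling.
"""
import re
from typing import NamedTuple, Optional, Tuple


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int  # the R number
    service: int  # the -S number, 0 when absent
    build: int    # optional trailing .N build number, 0 when absent


# Assumed grammar covering the forms in the advisory, e.g. 21.2R3-S9, 24.2R2,
# 22.4R3-S2.1.  Other Junos forms (Evolved "-EVO", "15.1X49-D170") are rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_version(text: str) -> JunosVersion:
    """Parse one version string; tuple order then matches Junos release order."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported Junos version string: {text!r}")
    return JunosVersion(*(int(g) if g is not None else 0 for g in m.groups()))


# First fixed version per release train, copied from the advisory.  A train of
# None encodes "versions prior to 21.2R3-S9", which spans every older train.
FIRST_FIXED: Tuple[Tuple[Optional[Tuple[int, int]], str], ...] = (
    (None, "21.2R3-S9"),
    ((21, 4), "21.4R3-S10"),
    ((22, 2), "22.2R3-S6"),
    ((22, 4), "22.4R3-S6"),
    ((23, 2), "23.2R2-S3"),
    ((23, 4), "23.4R2-S4"),
    ((24, 2), "24.2R1-S2"),  # 24.2R2 orders above 24.2R1-S2, so it is fixed too
)


def assess(text: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one version string."""
    v = parse_version(text)
    train = (v.major, v.minor)
    for fixed_train, fixed_text in FIRST_FIXED:
        fixed = parse_version(fixed_text)
        if fixed_train is None:
            if v < fixed:            # anything older than 21.2R3-S9
                return "affected"
            if train == (fixed.major, fixed.minor):
                return "fixed"       # 21.2R3-S9 or later on the 21.2 train
        elif train == fixed_train:
            return "affected" if v < fixed else "fixed"
    # Trains the advisory does not enumerate (e.g. 24.4) get no verdict here.
    return "not listed"


_JUNOS_LINE_RE = re.compile(r"^\s*Junos:\s*(\S+)", re.MULTILINE)


def version_from_show_version(output: str) -> str:
    """Extract the version from `show version` text via its 'Junos:' line."""
    m = _JUNOS_LINE_RE.search(output)
    if m is None:
        raise ValueError("no 'Junos:' line found in show version output")
    return m.group(1)


# Constructed sample of the relevant `show version` lines (not real device output).
SAMPLE_SHOW_VERSION = """\
Hostname: edge-rtr-1
Model: mx204
Junos: 22.4R3-S2.1
"""


if __name__ == "__main__":
    for text in ["20.4R3-S4", "21.2R3-S9", "21.4R3-S9", "24.2R1-S1", "24.2R2", "24.4R1"]:
        print(f"{text:12} {assess(text)}")
    print("from show version:", assess(version_from_show_version(SAMPLE_SHOW_VERSION)))
```

The comparison relies on the tuple order (major, minor, R, S, build) matching Junos release order, which holds for the forms above: 21.2R3 sorts below 21.2R3-S9, and every 21.2R2-Sx sorts below 21.2R3. Feed it the `Junos:` line from each device's `show version` (or the raw output) to get a per-device verdict against the table above.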
Affected Products
Junos