PT-2025-29257 · Juniper Networks · Junos, Junos Evolved
Published 2025-07-09 · Updated 2025-07-11
CVE-2025-52988
CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions prior to 21.2R3-S9
Juniper Networks Junos OS versions 21.4 before 21.4R3-S8
Juniper Networks Junos OS versions 22.2 before 22.2R3-S6
Juniper Networks Junos OS versions 22.3 before 22.3R3-S3
Juniper Networks Junos OS versions 22.4 before 22.4R3-S6
Juniper Networks Junos OS versions 23.2 before 23.2R2-S1
Juniper Networks Junos OS versions 23.4 before 23.4R1-S2
Juniper Networks Junos OS versions 23.4R2
Juniper Networks Junos OS Evolved versions prior to 22.4R3-S6-EVO
Juniper Networks Junos OS Evolved versions 23.2-EVO before 23.2R2-S1-EVO
Juniper Networks Junos OS Evolved versions 23.4-EVO before 23.4R1-S2-EVO
Juniper Networks Junos OS Evolved versions 23.4R2-EVO
Description:
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists in the CLI of Juniper Networks Junos OS and Junos OS Evolved. This allows a high-privileged local attacker to escalate their privileges to root. The issue occurs when specifically crafted arguments are provided to the 'request system logout' command, which are then executed as root on the shell, potentially leading to a complete device compromise.
Recommendations:
Juniper Networks Junos OS versions prior to 21.2R3-S9: Upgrade to version 21.2R3-S9 or later.
Juniper Networks Junos OS versions 21.4 before 21.4R3-S8: Upgrade to version 21.4R3-S8 or later.
Juniper Networks Junos OS versions 22.2 before 22.2R3-S6: Upgrade to version 22.2R3-S6 or later.
Juniper Networks Junos OS versions 22.3 before 22.3R3-S3: Upgrade to version 22.3R3-S3 or later.
Juniper Networks Junos OS versions 22.4 before 22.4R3-S6: Upgrade to version 22.4R3-S6 or later.
Juniper Networks Junos OS versions 23.2 before 23.2R2-S1: Upgrade to version 23.2R2-S1 or later.
Juniper Networks Junos OS versions 23.4 before 23.4R1-S2: Upgrade to version 23.4R1-S2 or later.
Juniper Networks Junos OS versions 23.4R2: No action is required.
Juniper Networks Junos OS Evolved versions prior to 22.4R3-S6-EVO: Upgrade to version 22.4R3-S6-EVO or later.
Juniper Networks Junos OS Evolved versions 23.2-EVO before 23.2R2-S1-EVO: Upgrade to version 23.2R2-S1-EVO or later.
Juniper Networks Junos OS Evolved versions 23.4-EVO before 23.4R1-S2-EVO: Upgrade to version 23.4R1-S2-EVO or later.
Juniper Networks Junos OS Evolved versions 23.4R2-EVO: No action is required.
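To turn the version list above into something an asset inventory can run, here is an added Python checker (not part of this record or of any Juniper tooling) that maps a Junos or Junos Evolved version string onto the affected ranges and the first fixed release given in the recommendations. The version-string grammar (major.minor, optional Rn, -Sn, build number and -EVO suffix) and the choice to report trains the record does not list as needing no action are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Assumed Junos version grammar: MAJOR.MINOR[Rn][-Sn][.build][-EVO]; the build number is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+))?(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")

class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int
    service: int
    evo: bool

def parse_version(text: str) -> JunosVersion:
    """Parse strings such as '21.4R3-S8' or '23.2R2-S1-EVO' into comparable fields."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, release, service, evo = match.groups()
    return JunosVersion(int(major), int(minor), int(release or 0), int(service or 0), evo is not None)

# Affected ranges copied from the record: (train, first fixed release). A train of None
# encodes "versions prior to", i.e. every release below the fixed one regardless of train.
AFFECTED_JUNOS = [
    (None, "21.2R3-S9"), ((21, 4), "21.4R3-S8"), ((22, 2), "22.2R3-S6"),
    ((22, 3), "22.3R3-S3"), ((22, 4), "22.4R3-S6"), ((23, 2), "23.2R2-S1"),
    ((23, 4), "23.4R1-S2"),
]
AFFECTED_EVO = [
    (None, "22.4R3-S6-EVO"), ((23, 2), "23.2R2-S1-EVO"), ((23, 4), "23.4R1-S2-EVO"),
]

def _order(v: JunosVersion) -> tuple:
    return (v.major, v.minor, v.release, v.service)

def fixed_version(text: str) -> Optional[str]:
    """Return the release to upgrade to if `text` falls in an affected range, else None."""
    v = parse_version(text)
    for train, fixed_text in (AFFECTED_EVO if v.evo else AFFECTED_JUNOS):
        if train is not None and (v.major, v.minor) != train:
            continue  # range applies to a different release train
        if _order(v) < _order(parse_version(fixed_text)):
            return fixed_text
    return None  # already fixed, or a train the record does not list

if __name__ == "__main__":
    for sample in ("20.4R3", "21.4R3-S7", "21.4R3-S8", "23.4R2", "22.4R3-S5-EVO"):
        print(sample, "->", fixed_version(sample) or "no action required")
```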
Weakness Enumeration: OS Command Injection
Related Identifiers: CVE-2025-52988
Affected Products: Junos, Junos Evolved