CVE-2025-52989

Juniper Networks Junos OS versions prior to 22.2R3-S7 Juniper Networks Junos OS versions 22.4 before 22.4R3-S7 Juniper Networks Junos OS versions 23.2 before 23.2R2-S4 Juniper Networks Junos OS versions 23.4 before 23.4R2-S4 Juniper Networks Junos OS versions 24.2 before 24.2R2-S1 Juniper Networks Junos OS versions 24.4 before 24.4R1-S2, 24.4R2 Juniper Networks Junos OS Evolved versions prior to 22.4R3-S7-EVO Juniper Networks Junos OS Evolved versions 23.2-EVO before 23.2R2-S4-EVO Juniper Networks Junos OS Evolved versions 23.4-EVO before 23.4R2-S5-EVO Juniper Networks Junos OS Evolved versions 24.2-EVO before 24.2R2-S1-EVO Juniper Networks Junos OS Evolved versions 24.4-EVO before 24.4R2-EVO

An Improper Neutralization of Delimiters vulnerability exists in the UI of Juniper Networks Junos OS and Junos OS Evolved. This allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions can change any part of the device configuration by using a specifically crafted annotate configuration command.

Update Juniper Networks Junos OS to version 22.2R3-S7 or later. Update Juniper Networks Junos OS to version 22.4R3-S7 or later. Update Juniper Networks Junos OS to version 23.2R2-S4 or later. Update Juniper Networks Junos OS to version 23.4R2-S4 or later. Update Juniper Networks Junos OS to version 24.2R2-S1 or later. Update Juniper Networks Junos OS to version 24.4R1-S2 or 24.4R2 or later. Update Juniper Networks Junos OS Evolved to version 22.4R3-S7-EVO or later. Update Juniper Networks Junos OS Evolved to version 23.2R2-S4-EVO or later. Update Juniper Networks Junos OS Evolved to version 23.4R2-S5-EVO or later. Update Juniper Networks Junos OS Evolved to version 24.2R2-S1-EVO or later. Update Juniper Networks Junos OS Evolved to version 24.4R2-EVO or later.