CVE-2025-60010

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S8 Juniper Networks Junos OS versions 23.2 through 23.2R2-S4 Juniper Networks Junos OS versions 23.4 through 23.4R2-S5 Juniper Networks Junos OS versions 24.2 through 24.2R2-S1 Juniper Networks Junos OS versions 24.4 through 24.4R1-S3, 24.4R2 Juniper Networks Junos OS Evolved versions prior to 22.4R3-S8-EVO Juniper Networks Junos OS Evolved versions 23.2 through 23.2R2-S4-EVO Juniper Networks Junos OS Evolved versions 23.4 through 23.4R2-S5-EVO Juniper Networks Junos OS Evolved versions 24.2 through 24.2R2-S1-EVO Juniper Networks Junos OS Evolved versions 24.4 through 24.4R1-S3-EVO, 24.4R2-EVO

Description An issue exists in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved related to password aging. An authenticated, network-based attacker may gain access to the device without the required password change being enforced. Specifically, the system allows logins for users whose passwords have expired, as indicated by a reject response from the RADIUS server requiring a password change, bypassing the intended password change policy. This does not permit login with an incorrect password, only with a correct but expired one.

Recommendations Juniper Networks Junos OS versions prior to 22.4R3-S8 should be upgraded to version 22.4R3-S8 or later. Juniper Networks Junos OS versions 23.2 through 23.2R2-S4 should be upgraded to version 23.2R2-S4 or later. Juniper Networks Junos OS versions 23.4 through 23.4R2-S5 should be upgraded to version 23.4R2-S5 or later. Juniper Networks Junos OS versions 24.2 through 24.2R2-S1 should be upgraded to version 24.2R2-S1 or later. Juniper Networks Junos OS versions 24.4 through 24.4R1-S3, 24.4R2 should be upgraded to version 24.4R1-S3 or 24.4R2 or later. Juniper Networks Junos OS Evolved versions prior to 22.4R3-S8-EVO should be upgraded to version 22.4R3-S8-EVO or later. Juniper Networks Junos OS Evolved versions 23.2 through 23.2R2-S4-EVO should be upgraded to version 23.2R2-S4-EVO or later. Juniper Networks Junos OS Evolved versions 23.4 through 23.4R2-S5-EVO should be upgraded to version 23.4R2-S5-EVO or later. Juniper Networks Junos OS Evolved versions 24.2 through 24.2R2-S1-EVO should be upgraded to version 24.2R2-S1-EVO or later. Juniper Networks Junos OS Evolved versions 24.4 through 24.4R1-S3-EVO, 24.4R2-EVO should be upgraded to version 24.4R1-S3-EVO or 24.4R2-EVO or later.