PT-2025-6925 · Juniper Networks · Juniper Networks Wan Assurance Managed Routers

Published: 2025-02-11 · Updated: 2026-01-28 · CVE-2025-21589

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Session Smart Router versions 5.6.7 through 5.6.16
Juniper Networks Session Smart Router version 6.0 before 6.0.8
Juniper Networks Session Smart Router versions 6.1 before 6.1.12-lts
Juniper Networks Session Smart Router versions 6.2 before 6.2.8-lts
Juniper Networks Session Smart Router versions 6.3 before 6.3.3-r2
Juniper Networks Session Smart Conductor versions 5.6.7 through 5.6.16
Juniper Networks Session Smart Conductor version 6.0 before 6.0.8
Juniper Networks Session Smart Conductor versions 6.1 before 6.1.12-lts
Juniper Networks Session Smart Conductor versions 6.2 before 6.2.8-lts
Juniper Networks Session Smart Conductor versions 6.3 before 6.3.3-r2
WAN Assurance Managed Routers versions 5.6.7 through 5.6.16
WAN Assurance Managed Routers version 6.0 before 6.0.8
WAN Assurance Managed Routers versions 6.1 before 6.1.12-lts
WAN Assurance Managed Routers versions 6.2 before 6.2.8-lts
WAN Assurance Managed Routers versions 6.3 before 6.3.3-r2

Description

A critical authentication bypass issue exists in Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Routers. This flaw allows a network-based attacker to bypass authentication and gain administrative control of the device through the use of an alternate path or channel. The vulnerability was discovered during internal security testing. While no active exploitation has been reported, the potential impact is significant, as a successful exploit grants full administrative access to the affected device. The API is vulnerable, allowing attackers to bypass authentication.

Recommendations

Update Session Smart Router to version 5.6.17 or later.
Update Session Smart Router to version 6.0.8 or later.
Update Session Smart Router to version 6.1.12-lts or later.
Update Session Smart Router to version 6.2.8-lts or later.
Update Session Smart Router to version 6.3.3-r2 or later.
Update Session Smart Conductor to version 5.6.17 or later.
Update Session Smart Conductor to version 6.0.8 or later.
Update Session Smart Conductor to version 6.1.12-lts or later.
Update Session Smart Conductor to version 6.2.8-lts or later.
Update Session Smart Conductor to version 6.3.3-r2 or later.
Update WAN Assurance Managed Routers to version 5.6.17 or later.
Update WAN Assurance Managed Routers to version 6.0.8 or later.
Update WAN Assurance Managed Routers to version 6.1.12-lts or later.
Update WAN Assurance Managed Routers to version 6.2.8-lts or later.
Update WAN Assurance Managed Routers to version 6.3.3-r2 or later.
For Conductor-managed routers, update the central Conductor management system.
Verify that Mist Cloud-connected routers have received the automatic update.
Manually update standalone routers that are not managed by Conductor or Mist Cloud.

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2025-04020
CVE-2025-21589

Affected Products

Juniper Networks Session Smart Conductor
Juniper Networks Session Smart Router
Juniper Networks Wan Assurance Managed Routers