Juniper Networks has launched safety updates to handle a vital safety flaw impacting Session Sensible Router, Session Sensible Conductor, and WAN Assurance Router merchandise that could possibly be exploited to hijack management of prone units.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 rating of 9.8 and a CVS v4 rating of 9.3.
“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Sensible Router could permit a network-based attacker to bypass authentication and take administrative management of the gadget,” the corporate said in an advisory.
The vulnerability impacts the next merchandise and variations –
- Session Sensible Router: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- Session Sensible Conductor: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- WAN Assurance Managed Routers: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
Juniper Networks mentioned the vulnerability was found throughout inside product safety testing and analysis, and that it is not conscious of any malicious exploitation.
The flaw has been addressed in Session Sensible Router variations SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2, and later.
“This vulnerability has been patched mechanically on units that function with WAN Assurance (the place configuration can also be managed) linked to the Mist Cloud,” the corporate added. “As sensible, the routers ought to nonetheless be upgraded to a model containing the repair.”
