CVE Vulnerability Details :
CVE-2025-21589
PUBLISHED
Assigner-juniper
Assigner Org ID-8cbe9d5a-a066-4c94-8978-4b15efeae968
Published At-27 Jan, 2026 | 20:32
Updated At-27 Jan, 2026 | 21:28
▼CVE Numbering Authority (CNA)
Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device.

This issue affects Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Routers:
  • from 5.6.7 before 5.6.17,
  • from 6.0 before 6.0.8 (affected from 6.0.8),
  • from 6.1 before 6.1.12-lts,
  • from 6.2 before 6.2.8-lts,
  • from 6.3 before 6.3.3-r2.

Affected Products
Vendor
Juniper Networks, Inc.
Product
Session Smart Router
Default Status
unaffected
Versions
Affected
  • From 5.6.7 before 5.6.17 (semver)
  • From 6.1 before 6.1.12-lts (semver)
  • From 6.2 before 6.2.8-lts (semver)
  • From 6.3 before 6.3.3-r2 (semver)
Unaffected
  • From 6.0 before 6.0.8 (semver)
    • affected from 6.0.8
Vendor
Juniper Networks, Inc.
Product
Session Smart Conductor
Default Status
unaffected
Versions
Affected
  • From 5.6.7 before 5.6.17 (semver)
  • From 6.1 before 6.1.12-lts (semver)
  • From 6.2 before 6.2.8-lts (semver)
  • From 6.3 before 6.3.3-r2 (semver)
Unaffected
  • From 6.0 before 6.0.8 (semver)
    • affected from 6.0.8
Vendor
Juniper Networks, Inc.
Product
WAN Assurance Managed Router
Default Status
unaffected
Versions
Affected
  • From 5.6.7 before 5.6.17 (semver)
  • From 6.1 before 6.1.12-lts (semver)
  • From 6.2 before 6.2.8-lts (semver)
  • From 6.3 before 6.3.3-r2 (semver)
Unaffected
  • From 6.0 before 6.0.8 (semver)
    • affected from 6.0.8
Problem Types
Type: CWE
CWE ID: CWE-288
Description: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Metrics
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Solutions

The following software releases have been updated to resolve this issue: Session Smart Router: SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2 and subsequent releases. It is suggested to upgrade all affected systems to one of these versions of software.

In a Conductor-managed deployment, it is sufficient to upgrade only the Conductor nodes; the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version; however, they will not be vulnerable once they connect to an upgraded Conductor. Router patching can be confirmed once the router reaches the "running" (on 6.2 and earlier) or "synchronized" (on 6.3+) state on the Conductor.

This vulnerability has been patched automatically on devices that operate with WAN Assurance (where configuration is also managed) connected to the Mist Cloud. As practical, the routers should still be upgraded to a version containing the fix.

When the fix is applied automatically on routers managed by a Conductor or by WAN Assurance, it has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic. There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs.

Workarounds

There are no known workarounds for this issue.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

References
  • https://supportportal.juniper.net/ (vendor-advisory)
  • https://support.juniper.net/support/eol/software/ssr/ (related)
  • https://kb.juniper.net/JSA94663 (vendor-advisory)
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Details not found