Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-52985
Analyzed
More InfoOfficial Page
Source-sirt@juniper.net
View Known Exploited Vulnerability (KEV) details
Published At-11 Jul, 2025 | 16:15
Updated At-23 Jan, 2026 | 17:06

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn't affect Junos OS Evolved versions before 23.2R1-EVO.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>23.2
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>23.4
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>23.4
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>24.2
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>24.4
cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>24.4
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>24.4
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2:*:*:*:*:*:*
Juniper Networks, Inc.
juniper
>>junos_os_evolved>>24.4
cpe:2.3:o:juniper:junos_os_evolved:24.4:r2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-480Secondarysirt@juniper.net
CWE ID: CWE-480
Type: Secondary
Source: sirt@juniper.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://supportportal.juniper.net/JSA100091sirt@juniper.net
Vendor Advisory
Hyperlink: https://supportportal.juniper.net/JSA100091
Source: sirt@juniper.net
Resource:
Vendor Advisory
Change History
0Changes found
Details not found