CVE-2025-52983
Junos OS: After removing ssh public key authentication root can still log in
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.
| CWE | CWE-446 |
| Vendor | juniper networks |
| Product | junos os |
| Published | Jul 11, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for juniper networks junos os
Be the first to know when new high vulnerabilities affecting juniper networks junos os are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Juniper Networks / Junos OS
0 < 22.2R3-S7 22.4 < 22.4R3-S5 23.2 < 23.2R2-S3 23.4 < 23.4R2-S3 24.2 < 24.2R1-S2, 24.2R2