Juniper Networks has launched safety updates to deal with a important safety flaw impacting Session Sensible Router, Session Sensible Conductor, and WAN Assurance Router merchandise that might be exploited to hijack management of vulnerable gadgets.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 rating of 9.8 and a CVS v4 rating of 9.3.
“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Sensible Router might enable a network-based attacker to bypass authentication and take administrative management of the machine,” the corporate stated in an advisory.
The vulnerability impacts the next merchandise and variations –
- Session Sensible Router: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- Session Sensible Conductor: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- WAN Assurance Managed Routers: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
Juniper Networks stated the vulnerability was found throughout inside product safety testing and analysis, and that it is not conscious of any malicious exploitation.
The flaw has been addressed in Session Sensible Router variations SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2, and later.
“This vulnerability has been patched robotically on gadgets that function with WAN Assurance (the place configuration can be managed) linked to the Mist Cloud,” the corporate added. “As sensible, the routers ought to nonetheless be upgraded to a model containing the repair.”