Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-52985

Опубликовано: 11 июл. 2025
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

A Use of Incorrect Operator

vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.

When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered.

This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved:

  • 23.2R2-S3-EVO versions before 23.2R2-S4-EVO,
  • 23.4R2-S3-EVO versions before 23.4R2-S5-EVO,
  • 24.2R2-EVO versions before 24.2R2-S1-EVO,
  • 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

This issue doesn't affect Ju

Ссылки

EPSS

Процентиль: 10%
0.00038
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-480

Связанные уязвимости

github логотип

GHSA-c7mr-h37w-h53j

CVSS3: 5.3
github
около 1 месяца назад

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn't not af...

fstec логотип

BDU:2025-08755

CVSS3: 5.3
fstec
около 1 месяца назад

Уязвимость модуля Routing Engine (RE) операционных систем Juniper Networks Junos OS Evolved, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 10%
0.00038
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-480