CVE Tools
Home/Vulnerability/CVE-2025-21590

CVE-2025-21590

Junos OS: An local attacker with shell access can execute arbitrary code

Published: Mar 12, 2025Updated: Oct 24, 2025 Sources: CVE List NVD BDU
NVD MITRE
4.4CVSS
MEDIUM

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6,  * 22.4 versions before 22.4R3-S6,  * 23.2 versions before 23.2R2-S3,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.

EPSS Score
1.7%
Top 17.3%
CISA KEV
Active Exploitation
Since Mar 13, 2025
Exploits
0 Known
Remediation
Patch Available

CVSS Vector Breakdown

AV:LAC:LPR:HUI:NS:UC:NI:HA:N
Exploitability
AV:LAttack Vector
Local
AC:LAttack Complexity
Low
PR:HPrivileges Required
High
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:HIntegrity
High
A:NAvailability
None

Weaknesses

CWE-653

Affected Products

Junos OS
Juniper Networks
JunOS
Juniper Networks Inc.
junos
juniper

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Mar 13, 2025
Remediation due:Apr 3, 2025

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

0 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Workaround Available

References

https://supportportal.juniper.net/JSA93446
supportportal.juniper.net
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers
cloud.google.com
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers
cloud.google.com
and 2 more references View all →

Timeline

Published
Mar 12, 2025
Added to CISA KEV
Mar 13, 2025
Last Updated
Oct 24, 2025
News mentions
1

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-21590 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
AI-powered analysis
Plain-language impact assessment and exploitation scenario
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows