CVE-2025-21592 - Vulnerability Details

CVE-2025-21592 - Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00026.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Srx1500 Srx1600 Srx2300 Srx300 Srx320 Srx340 Srx345 Srx380 Srx4100 Srx4120 Srx4200 Srx4300 Srx4600 Srx4700 Srx5400 Srx5600 Srx5800
Juniper Networks	Junos Os

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:22.2:-::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.3:-::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r3::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2::::::
	cpe:2.3:o:juniper:junos:23.4:-::::::
	cpe:2.3:o:juniper:junos:23.4:r1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s2::::::

OR	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4120:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Juniper Networks	Junos Os

References

Link	Providers
https://supportportal.juniper.net/JSA92860

History

Mon, 26 Jan 2026 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800
CPEs		cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:h:juniper:srx4120:-:::::::* cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:21.4:-:::::: cpe:2.3:o:juniper:junos:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos:21.4:r1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos:21.4:r3-s6:::::: cpe:2.3:o:juniper:junos:21.4:r3-s7:::::: cpe:2.3:o:juniper:junos:21.4:r3:::::: cpe:2.3:o:juniper:junos:22.2:-:::::: cpe:2.3:o:juniper:junos:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos:22.2:r1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos:22.2:r2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s3:::::: cpe:2.3:o:juniper:junos:22.2:r3-s4:::::: cpe:2.3:o:juniper:junos:22.2:r3:::::: cpe:2.3:o:juniper:junos:22.3:-:::::: cpe:2.3:o:juniper:junos:22.3:r1-s1:::::: cpe:2.3:o:juniper:junos:22.3:r1-s2:::::: cpe:2.3:o:juniper:junos:22.3:r1:::::: cpe:2.3:o:juniper:junos:22.3:r2-s1:::::: cpe:2.3:o:juniper:junos:22.3:r2-s2:::::: cpe:2.3:o:juniper:junos:22.3:r2:::::: cpe:2.3:o:juniper:junos:22.3:r3-s1:::::: cpe:2.3:o:juniper:junos:22.3:r3-s2:::::: cpe:2.3:o:juniper:junos:22.3:r3:::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos:22.4:r3:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:23.2:r2:::::: cpe:2.3:o:juniper:junos:23.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos:23.4:r1::::::
Vendors & Products		Juniper Juniper junos Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800

Thu, 09 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 09 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.
Title		Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system
Weaknesses		CWE-200
References		https://supportportal.juniper.net/JSA92860
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2025-01-09T16:39:56.442Z

Updated: 2025-01-09T19:22:48.614Z

Reserved: 2024-12-26T14:47:11.667Z

Link: CVE-2025-21592

Vulnrichment

Updated: 2025-01-09T19:20:28.550Z

NVD

Status : Analyzed

Published: 2025-01-09T17:15:18.203

Modified: 2026-01-26T19:36:51.937

Link: CVE-2025-21592

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T11:07:17Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object