{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30650", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-03-24T19:34:11.321Z", "datePublished": "2026-04-08T17:26:35.685Z", "dateUpdated": "2026-04-08T20:07:06.271Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.4R3-S8", "status": "affected", "version": "all versions", "versionType": "semver"}, {"lessThan": "23.2R2-S6", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S6", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S3", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Pierre EMERIAUD & Orange CERT-CC from Orange group for responsibly reporting this vulnerability."}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A&nbsp;Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved\n\n as root.<br><br>This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:<br><ul><li>MPC7, MPC8, MPC9, MPC10, MPC11</li><li>LC2101, LC2103</li><li>LC480, LC4800, LC9600</li><li>MX304 (built-in FPC)</li><li>MX-SPC3</li><li>SRX5K-SPC3</li><li>EX9200-40XS<br><br></li><li>FPC3-PTX-U2, FPC3-PTX-U3</li><li>FPC3-SFF-PTX</li><li>LC1101, LC1102, LC1104, LC1105</li></ul><p><br></p><p>This issue affects&nbsp;Junos OS:&nbsp;</p><p></p><ul><li>all versions before 22.4R3-S8,&nbsp;</li><li>from 23.2 before 23.2R2-S6,&nbsp;</li><li>from 23.4 before 23.4R2-S6,&nbsp;</li><li>from 24.2 before 24.2R2-S3,&nbsp;</li><li>from 24.4 before 24.4R2,</li><li>from 25.2 before 25.2R2.</li></ul><p></p>"}], "value": "A\u00a0Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved\n\n as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:\n * MPC7, MPC8, MPC9, MPC10, MPC11\n * LC2101, LC2103\n * LC480, LC4800, LC9600\n * MX304 (built-in FPC)\n * MX-SPC3\n * SRX5K-SPC3\n * EX9200-40XS\n\n\n * FPC3-PTX-U2, FPC3-PTX-U3\n * FPC3-SFF-PTX\n * LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S6,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2,\n * from 25.2 before 25.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-08T17:26:35.685Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA107863"}, {"tags": ["third-party-advisory"], "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq"}, {"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107863"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases."}], "source": {"advisory": "JSA107863", "defect": ["1872703"], "discovery": "EXTERNAL"}, "title": "Junos OS: Privileged local user can gain access to a Linux-based FPC as root", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T20:06:27.813930Z", "id": "CVE-2025-30650", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T20:07:06.271Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30650", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T20:06:27.813930Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T20:06:54.101Z"}}], "cna": {"title": "Junos OS: Privileged local user can gain access to a Linux-based FPC as root", "source": {"defect": ["1872703"], "advisory": "JSA107863", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Pierre EMERIAUD & Orange CERT-CC from Orange group for responsibly reporting this vulnerability."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.4, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "all versions", "lessThan": "22.4R3-S8", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S6", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2-S6", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R2-S3", "versionType": "semver"}, {"status": "affected", "version": "24.4", "lessThan": "24.4R2", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2026-04-08T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA107863", "tags": ["vendor-advisory"]}, {"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq", "tags": ["third-party-advisory"]}, {"url": "https://kb.juniper.net/JSA107863", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A\u00a0Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved\n\n as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:\n * MPC7, MPC8, MPC9, MPC10, MPC11\n * LC2101, LC2103\n * LC480, LC4800, LC9600\n * MX304 (built-in FPC)\n * MX-SPC3\n * SRX5K-SPC3\n * EX9200-40XS\n\n\n * FPC3-PTX-U2, FPC3-PTX-U3\n * FPC3-SFF-PTX\n * LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S6,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2,\n * from 25.2 before 25.2R2.", "supportingMedia": [{"type": "text/html", "value": "A&nbsp;Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved\n\n as root.<br><br>This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:<br><ul><li>MPC7, MPC8, MPC9, MPC10, MPC11</li><li>LC2101, LC2103</li><li>LC480, LC4800, LC9600</li><li>MX304 (built-in FPC)</li><li>MX-SPC3</li><li>SRX5K-SPC3</li><li>EX9200-40XS<br><br></li><li>FPC3-PTX-U2, FPC3-PTX-U3</li><li>FPC3-SFF-PTX</li><li>LC1101, LC1102, LC1104, LC1105</li></ul><p><br></p><p>This issue affects&nbsp;Junos OS:&nbsp;</p><p></p><ul><li>all versions before 22.4R3-S8,&nbsp;</li><li>from 23.2 before 23.2R2-S6,&nbsp;</li><li>from 23.4 before 23.4R2-S6,&nbsp;</li><li>from 24.2 before 24.2R2-S3,&nbsp;</li><li>from 24.4 before 24.4R2,</li><li>from 25.2 before 25.2R2.</li></ul><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-08T17:26:35.685Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30650", "state": "PUBLISHED", "dateUpdated": "2026-04-08T20:07:06.271Z", "dateReserved": "2025-03-24T19:34:11.321Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2026-04-08T17:26:35.685Z", "assignerShortName": "juniper"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A\u00a0Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved\n\n as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:\n * MPC7, MPC8, MPC9, MPC10, MPC11\n * LC2101, LC2103\n * LC480, LC4800, LC9600\n * MX304 (built-in FPC)\n * MX-SPC3\n * SRX5K-SPC3\n * EX9200-40XS\n\n\n * FPC3-PTX-U2, FPC3-PTX-U3\n * FPC3-SFF-PTX\n * LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S6,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2,\n * from 25.2 before 25.2R2."}], "id": "CVE-2025-30650", "lastModified": "2026-04-08T21:26:13.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-08T19:24:00.440", "references": [{"source": "sirt@juniper.net", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq"}, {"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107863"}, {"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA107863"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[23.2,23.2R2-S6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[23.4,23.4R2-S6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[24.2,24.2R2-S3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-08T19:54:44.129063+00:00", "value": {"mitigation_remediation": ["Upgrade Junos OS to at least 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, or any subsequent release.", "Verify that all devices use the latest supported firmware and reboot to activate the changes.", "Limit local administrative access to trusted personnel and monitor for anomalous privileged activity."], "summary": {"action": "Patch Immediately", "impact": "Local Privilege Escalation to Root on Line Cards"}, "threat_synthesis": {"affected_systems": "All Junos OS releases before the referenced updates are vulnerable. Devices using Linux-based line cards such as MPC7, MPC8, MPC9, MPC10, MPC11, LC2101, LC2103, LC480, LC4800, LC9600, MX304 (built-in FPC), MX-SPC3, SRX5K-SPC3, EX9200-40XS, FPC3-PTX-U2, FPC3-PTX-U3, FPC3-SFF-PTX, LC1101, LC1102, LC1104, LC1105 are affected.", "description_and_impact": "A missing authentication flaw in Junos OS command processing allows a privileged local user to execute commands as root on Linux-based line cards. The vulnerability can be exploited to gain unrestricted control over the affected hardware, enabling configuration changes, traffic manipulation and intrusion into the broader network.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.4, indicating high severity, and is not listed in the KEV catalog. Exploitation requires local privileged access to the device, which an attacker with such access can use to elevate to root on the line card. Once root privileges are obtained, the attacker can bypass security controls, tamper with routing, or carry out further attacks within the network."}}}}, "created": "2026-04-08T19:59:40.798168+00:00", "updated": "2026-04-08T20:12:47.923416+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}