FlagThis

CyberSecurity updates
2025-02-22 09:28:25 Pacfic
Talkback Resources
Critical Authentication Bypass Flaw in Juniper Routers - 3d
Read more: talkback.sh

Juniper Networks has addressed a critical authentication bypass vulnerability, identified as CVE-2025-21589, affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router products. The vulnerability allows a network-based attacker to bypass authentication and gain administrative control over affected devices. The severity of the flaw is highlighted by its critical CVSS score of 9.8.

Juniper has released updated software versions to mitigate this issue, including SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, and SSR-6.3.3-r2, advising users to upgrade their affected systems promptly. For conductor-managed deployments, upgrading only the Conductor nodes is sufficient, while WAN Assurance users connected to the Mist Cloud have already received automatic patches. It was found through internal security testing.

Original img attribution: https://s3.talkback.sh/media/screenshots/d4bb15e099033b5024b90683ab63776d.png
ImgSrc: s3.talkback.sh
References:
  • Security Archives - Security Affairs - Juniper Networks fixed a critical flaw in Session Smart Routers - 3d
  • Talkback Resources - Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication [exp] [net] - 3d
  • securityonline.info - CVE-2025-21589 (CVSS 9.8): Critical Authentication Bypass Flaw in Juniper Session Smart Routers - 3d
  • Vulnerability Archives ? Cybersecurity News - CVE-2025-21589 (CVSS 9.8): Critical Authentication Bypass Flaw in Juniper Session Smart Routers - 3d
  • The Hacker News - Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication - 2d
  • www.bleepingcomputer.com - Juniper Patches Critical Auth Bypass in Session Smart Routers - 2d
  • www.heise.de - Juniper Session Smart Router: Security leak enables takeover - 2d
  • @vulnerability_lookup - Vulnerability ncsc-2025-0062 has received a comment on Vulnerability-Lookup: 2025-02: Out-of-Cycle Security Bulletin: Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentic - 2d
  • @BleepingComputer - Infosec Exchange Post: Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. - 2d
  • SOCRadar? Cyber Intelligence Inc. - Security Flaws in OpenSSH and Juniper Networks Demand Action (CVE-2025-26465, CVE-2025-26466, and CVE-2025-21589) - 2d
  • Talkback Resources - CVE-2025-21589 (CVSS 9.8): Critical Authentication Bypass Flaw in Juniper Session Smart Routers [app] [net] - 2d
  • @BleepingComputer - ​Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. - 1d
  • @youranonriots - Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. - 18h

Classification:
  • HashTags: JuniperNetworks Vulnerability Cybersecurity
  • Company: Juniper Networks
  • Target: Session Smart Router
  • Attacker: Juniper Networks
  • Product: Session Smart Router
  • Feature: Authentication Bypass
  • Type: Vulnerability
  • Severity: Critical

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.