CVE-2025-52985

Severity CVSS v4.0:

MEDIUM

Type:

Unavailable / Other

Publication date:

11/07/2025

Last modified:

23/01/2026

Description

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with &#39;from prefix-list&#39;, and that prefix list contains more than 10 entries, the prefix list doesn&#39;t match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn&#39;t affect Junos OS Evolved versions before 23.2R1-EVO.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 6.90 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): Low
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

6.90

Severity 4.0

MEDIUM

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): Low
Availability (A): None

Base Score 3.x

5.30

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r2::::::

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://supportportal.juniper.net/JSA100091

CPE	From	Up to
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r2::::::