CVE-2025-52983
HIGHDescription
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device. On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS: * all versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.
Is your site exposed to CVE-2025-52983?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
References
Frequently Asked Questions
What is CVE-2025-52983? +
How severe is CVE-2025-52983? +
What products are affected by CVE-2025-52983? +
How do I check if I'm vulnerable to CVE-2025-52983? +
Related Vulnerabilities
UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote …
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, …
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple …
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker …
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows …
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on …