{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30650", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-03-24T19:34:11.321Z", "datePublished": "2026-04-08T17:26:35.685Z", "dateUpdated": "2026-04-13T21:17:19.185Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.4R3-S8", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "23.2R2-S6", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S6", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S3", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Pierre EMERIAUD & Orange CERT-CC from Orange group for responsibly reporting this vulnerability."}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A&nbsp;Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root.<br><br>This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:<br><ul><li>MPC7, MPC8, MPC9, MPC10, MPC11</li><li>LC2101, LC2103</li><li>LC480, LC4800, LC9600</li><li>MX304 (built-in FPC)</li><li>MX-SPC3</li><li>SRX5K-SPC3</li><li>EX9200-40XS<br><br></li><li>FPC3-PTX-U2, FPC3-PTX-U3</li><li>FPC3-SFF-PTX</li><li>LC1101, LC1102, LC1104, LC1105</li></ul><p><br></p><p>This issue affects&nbsp;Junos OS:&nbsp;</p><p></p><ul><li>all versions before 22.4R3-S8,&nbsp;</li><li>from 23.2 before 23.2R2-S6,&nbsp;</li><li>from 23.4 before 23.4R2-S6,&nbsp;</li><li>from 24.2 before 24.2R2-S3,&nbsp;</li><li>from 24.4 before 24.4R2,</li><li>from 25.2 before 25.2R2.</li></ul><p></p>"}], "value": "A\u00a0Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:\n * MPC7, MPC8, MPC9, MPC10, MPC11\n * LC2101, LC2103\n * LC480, LC4800, LC9600\n * MX304 (built-in FPC)\n * MX-SPC3\n * SRX5K-SPC3\n * EX9200-40XS\n\n\n * FPC3-PTX-U2, FPC3-PTX-U3\n * FPC3-SFF-PTX\n * LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S6,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2,\n * from 25.2 before 25.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.4, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-13T21:17:19.185Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq"}, {"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107863"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases."}], "source": {"advisory": "JSA107863", "defect": ["1872703"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2026-04-08T16:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2026-04-13T16:00:00.000Z", "value": "Removed reference to EVO. Issue is specific to Junos OS with Linux-based line cards."}], "title": "Junos OS: Privileged local user can gain access to a Linux-based FPC as root", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T20:06:27.813930Z", "id": "CVE-2025-30650", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T20:07:06.271Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30650", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-08T20:06:27.813930Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T20:06:54.101Z"}}], "cna": {"title": "Junos OS: Privileged local user can gain access to a Linux-based FPC as root", "source": {"defect": ["1872703"], "advisory": "JSA107863", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Pierre EMERIAUD & Orange CERT-CC from Orange group for responsibly reporting this vulnerability."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.4, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "22.4R3-S8", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S6", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2-S6", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R2-S3", "versionType": "semver"}, {"status": "affected", "version": "24.4", "lessThan": "24.4R2", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-04-08T16:00:00.000Z", "value": "Initial Publication"}, {"lang": "en", "time": "2026-04-13T16:00:00.000Z", "value": "Removed reference to EVO. Issue is specific to Junos OS with Linux-based line cards."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2026-04-08T16:00:00.000Z", "references": [{"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq", "tags": ["third-party-advisory"]}, {"url": "https://kb.juniper.net/JSA107863", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A\u00a0Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:\n * MPC7, MPC8, MPC9, MPC10, MPC11\n * LC2101, LC2103\n * LC480, LC4800, LC9600\n * MX304 (built-in FPC)\n * MX-SPC3\n * SRX5K-SPC3\n * EX9200-40XS\n\n\n * FPC3-PTX-U2, FPC3-PTX-U3\n * FPC3-SFF-PTX\n * LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S6,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2,\n * from 25.2 before 25.2R2.", "supportingMedia": [{"type": "text/html", "value": "A&nbsp;Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root.<br><br>This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:<br><ul><li>MPC7, MPC8, MPC9, MPC10, MPC11</li><li>LC2101, LC2103</li><li>LC480, LC4800, LC9600</li><li>MX304 (built-in FPC)</li><li>MX-SPC3</li><li>SRX5K-SPC3</li><li>EX9200-40XS<br><br></li><li>FPC3-PTX-U2, FPC3-PTX-U3</li><li>FPC3-SFF-PTX</li><li>LC1101, LC1102, LC1104, LC1105</li></ul><p><br></p><p>This issue affects&nbsp;Junos OS:&nbsp;</p><p></p><ul><li>all versions before 22.4R3-S8,&nbsp;</li><li>from 23.2 before 23.2R2-S6,&nbsp;</li><li>from 23.4 before 23.4R2-S6,&nbsp;</li><li>from 24.2 before 24.2R2-S3,&nbsp;</li><li>from 24.4 before 24.4R2,</li><li>from 25.2 before 25.2R2.</li></ul><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-13T21:17:19.185Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30650", "state": "PUBLISHED", "dateUpdated": "2026-04-13T21:17:19.185Z", "dateReserved": "2025-03-24T19:34:11.321Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2026-04-08T17:26:35.685Z", "assignerShortName": "juniper"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A\u00a0Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root.\n\nThis issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:\n * MPC7, MPC8, MPC9, MPC10, MPC11\n * LC2101, LC2103\n * LC480, LC4800, LC9600\n * MX304 (built-in FPC)\n * MX-SPC3\n * SRX5K-SPC3\n * EX9200-40XS\n\n\n * FPC3-PTX-U2, FPC3-PTX-U3\n * FPC3-SFF-PTX\n * LC1101, LC1102, LC1104, LC1105\n\n\n\n\n\nThis issue affects\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S6,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2,\n * from 25.2 before 25.2R2."}], "id": "CVE-2025-30650", "lastModified": "2026-04-13T22:16:26.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-08T19:24:00.440", "references": [{"source": "sirt@juniper.net", "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq"}, {"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107863"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[23.2,23.2R2-S6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[23.4,23.4R2-S6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[24.2,24.2R2-S3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-13T22:54:53.608135+00:00", "value": {"mitigation_remediation": ["Apply the latest Junos OS patch by upgrading to a release that includes 22.4R3\u2011S8, 23.2R2\u2011S6, 23.4R2\u2011S6, 24.2R2\u2011S3, 24.4R2, or 25.2R2, or any newer version in the same series."], "summary": {"action": "Apply Patch", "impact": "Root access on Linux-based FPC"}, "threat_synthesis": {"affected_systems": "The flaw targets Juniper Networks Junos OS devices that incorporate Linux\u2011based line cards. Impacted line cards are MPC7, MPC8, MPC9, MPC10, MPC11, LC2101, LC2103, LC480, LC4800, LC9600, MX304 (built\u2011in FPC), MX\u2011SPC3, SRX5K\u2011SPC3, EX9200\u201140XS, FPC3\u2011PTX\u2011U2, FPC3\u2011PTX\u2011U3, FPC3\u2011SFF\u2011PTX, LC1101, LC1102, LC1104, and LC1105. All Junos OS releases prior to 22.4R3\u2011S8, before 23.2R2\u2011S6, before 23.4R2\u2011S6, before 24.2R2\u2011S3, before 24.4R2, and before 25.2R2 are vulnerable; newer releases contain the fix.", "description_and_impact": "The vulnerability is a Missing Authentication for Critical Function flaw in Juniper Networks Junos OS. It allows a privileged local attacker to issue commands that bypass required authentication, which results in root access on the Linux-based Forwarding Plane Card. As root, the attacker could alter the FPC environment or affect packet forwarding, thereby compromising the device\u2019s confidentiality, integrity, and availability. The weakness is classified as CWE-306.", "risk_and_exploitability": "The CVSS score of 8.4 indicates high severity, while the EPSS score of less than 1\u202f% points to a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker needs local privileged access, typically through console or authenticated SSH, to issue commands that bypass authentication and gain root on the FPC. The local nature of the attack coupled with the resulting full root on a critical component means that, once an attacker can run privileged commands, the threat vector can lead directly to compromise of device configuration and forwarding behaviour."}}}}, "created": "2026-04-08T19:59:40.798168+00:00", "updated": "2026-04-14T16:38:12.683167+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}