#VU113180 Use of incorrect operator in Junos OS Evolved - CVE-2025-52985

 


Published: July 23, 2025


Vulnerability identifier: #VU113180
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-52985
CWE-ID: CWE-480
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Junos OS Evolved
Software vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the use of an incorrect operator in the Routing Engine firewall. When a firewall filter applied to the lo0 or re:mgmt interface references a prefix list that contains more than 10 entries, the prefix list does not match, and packets destined to the local device are not filtered.


Remediation

Install updates from the vendor's website.
