OS Command Injection in Junos OS Evolved - CVE-2025-60006

 


Published: October 13, 2025


Vulnerability identifier: #VU116933
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-60006
CWE-ID: CWE-78
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software: Junos OS Evolved

Detailed vulnerability description

The vulnerability allows a local user to read and manipulate data.

Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands.

When an attacker executes crafted CLI commands, the options are processed via a script in some cases.


How to mitigate CVE-2025-60006

Install updates from the vendor's website.
