Description
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root.

This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include:
* MPC7, MPC8, MPC9, MPC10, MPC11
* LC2101, LC2103
* LC480, LC4800, LC9600
* MX304 (built-in FPC)
* MX-SPC3
* SRX5K-SPC3
* EX9200-40XS
* FPC3-PTX-U2, FPC3-PTX-U3
* FPC3-SFF-PTX
* LC1101, LC1102, LC1104, LC1105

This issue affects Junos OS:

* all versions before 22.4R3-S8,
* from 23.2 before 23.2R2-S6,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2,
* from 25.2 before 25.2R2.

Published: 2026-04-08
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation to Root on Line Cards
Action: Patch Immediately
AI Analysis

Impact

A missing authentication flaw in Junos OS command processing allows a privileged local user to execute commands as root on Linux-based line cards. The vulnerability can be exploited to gain unrestricted control over the affected hardware, enabling configuration changes, traffic manipulation and intrusion into the broader network.

Affected Systems

All Junos OS releases before the referenced updates are vulnerable. Devices using Linux-based line cards such as MPC7, MPC8, MPC9, MPC10, MPC11, LC2101, LC2103, LC480, LC4800, LC9600, MX304 (built-in FPC), MX-SPC3, SRX5K-SPC3, EX9200-40XS, FPC3-PTX-U2, FPC3-PTX-U3, FPC3-SFF-PTX, LC1101, LC1102, LC1104, LC1105 are affected.

Risk and Exploitability

The vulnerability carries a CVSS v4.0 score of 8.4 (6.7 under CVSS v3.1), indicating high severity, and is not listed in the KEV catalog. Exploitation requires local privileged access to the device; an attacker who already has that access can elevate to root on the line card. With root privileges, the attacker can bypass security controls, tamper with routing, or carry out further attacks within the network.

Generated by OpenCVE AI on April 8, 2026 at 19:54 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, and all subsequent releases.
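The fixed-release list above can be turned into a fleet triage check. The following is an added example, not code from Juniper or OpenCVE; the hostnames and inventory are constructed, release trains the advisory does not mention are reported as `unknown` by assumption, and an `affected` result matters only on chassis carrying one of the listed Linux-based line cards.

```python
import re

# First fixed release per train as (R, S), copied from the advisory text.
FIXED = {
    (22, 4): (3, 8),  # 22.4R3-S8
    (23, 2): (2, 6),  # 23.2R2-S6
    (23, 4): (2, 6),  # 23.4R2-S6
    (24, 2): (2, 3),  # 24.2R2-S3
    (24, 4): (2, 0),  # 24.4R2
    (25, 2): (2, 0),  # 25.2R2
}
FIRST_FIXED_TRAIN = (25, 4)  # 25.4R1 and all subsequent releases

# Matches e.g. 22.4R3-S8 or 23.2R1.14 (a trailing .N is the build number).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for a Junos OS version string."""
    m = _VERSION.match(version.strip())
    if not m:
        # Anything this pattern does not cover (for example -EVO builds).
        return "unknown"
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    train, release = (major, minor), (r, s)
    if train >= FIRST_FIXED_TRAIN:
        return "fixed"
    if train in FIXED:
        return "affected" if release < FIXED[train] else "fixed"
    if train < (22, 4):
        return "affected"  # "all versions before 22.4R3-S8"
    return "unknown"  # assumption: unlisted train, check with the vendor


def triage(inventory: dict) -> dict:
    """Map each hostname to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostname -> version reported by the device).
INVENTORY = {
    "mx-core-1": "22.4R3-S7.2",
    "mx-core-2": "23.4R2-S6",
    "ptx-edge-1": "24.4R1-S2",
    "srx-dc-1": "21.4R3-S9",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:12} {INVENTORY[host]:14} {status}")
```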


Vendor Workaround

There are no known workarounds for this issue.


OpenCVE Recommended Actions

  • Upgrade Junos OS to at least 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, 25.2R2, 25.4R1, or any subsequent release.
  • Verify that all devices use the latest supported firmware and reboot to activate the changes.
  • Limit local administrative access to trusted personnel and monitor for anomalous privileged activity.



Advisories

No advisories yet.

History

Thu, 09 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
References

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Vendors & Products Juniper Networks
Juniper Networks junos Os
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include: * MPC7, MPC8, MPC9, MPC10, MPC11 * LC2101, LC2103 * LC480, LC4800, LC9600 * MX304 (built-in FPC) * MX-SPC3 * SRX5K-SPC3 * EX9200-40XS * FPC3-PTX-U2, FPC3-PTX-U3 * FPC3-SFF-PTX * LC1101, LC1102, LC1104, LC1105 This issue affects Junos OS:  * all versions before 22.4R3-S8,  * from 23.2 before 23.2R2-S6,  * from 23.4 before 23.4R2-S6,  * from 24.2 before 24.2R2-S3,  * from 24.4 before 24.4R2, * from 25.2 before 25.2R2.
Title Junos OS: Privileged local user can gain access to a Linux-based FPC as root
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-04-09T21:32:51.610Z

Reserved: 2025-03-24T19:34:11.321Z

Link: CVE-2025-30650

Vulnrichment

Updated: 2026-04-08T20:06:54.101Z

NVD

Status: Awaiting Analysis

Published: 2026-04-08T19:24:00.440

Modified: 2026-04-09T22:16:23.860

Link: CVE-2025-30650

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:12:47Z

Weaknesses