API authentication bypass vulnerability CVE-2025-21589 affects Session Smart Router, Conductor, and WAN Assurance Managed Routers

Summary

API authentication bypass vulnerability CVE-2025-21589 affects Session Smart Router, Conductor, and WAN Assurance Managed Routers

Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Juniper Networks has released an out-of-cycle security update addressing one critical API vulnerability, classed as an authentication bypass using an alternate path or channel, which has a CVSSv4 score of 9.3. Exploitation of the vulnerability could allow a network-based attacker to bypass authentication and take administrative control of the device.

Remediation advice

Affected organisations are encouraged to review the Juniper Networks out-of-cycle security bulletin "Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass Vulnerability (CVE-2025-21589)", Article ID JSA94663, and apply any relevant security updates.

Definitive source of threat updates

CVE Vulnerabilities

Last edited: 19 February 2025 1:00 pm