Juniper Networks has released security updates to address a critical security lack that affects a reasonable router session, Smart Winder and Wan router products that can be used to control the capture of sensitive devices.
Tracked as Cve-2025-21589The vulnerability carries the CVSS V3.1 9.8 and the CVS V4 9.3 mark.
“Bypass authentication using an alternative way or vulnerability of the channel in session sessions of the Seest Season Season can allow the attacker to pass authentication and take administrative control over the device,” company company company – Note In advisory.
Vulnerability affects the following products and versions –
- Smart Session Router: 5.6.7 to 5.6.17, from 6.0.8, from 6.1 to 6.12-l
- Smart Conductor session: from 5.6.7 to 5.6.17, from 6.0.8, from 6.1 to 6.12-l
- Wan Assurance Routers: 5.6.7 to 5.6.17, from 6.0.8, from 6.1 to 6.12-LTS, from 6.2 to 6.8, and from 6, from 6, 3 to 6.3.3-R2
Seniper Networks said the vulnerability was discovered during the inspection and research of the safety of the products, and that this is not known about malicious operation.
The disadvantage was addressed in the Smart Router Wersions SSR-5.17, SSR-6.1.12-LTS, SSR-6.8-LTS, SSR-6.3-R2 and later.
“This vulnerability has been automatically recorded on devices that work with Wan (where the configuration is also controlled), connected to the Mist cloud,” the company added. “Like practically, routers still have to be updated to a version containing a fix.”
