
Juniper Networks Releases Out-of-Cycle Security Bulletin for Critical Vulnerability

API authentication bypass vulnerability CVE-2025-21589 affects Session Smart Router, Conductor, and WAN Assurance Managed Routers




Threat details

Introduction

Juniper Networks has released an out-of-cycle security update addressing one critical vulnerability, an API authentication bypass using an alternate path or channel, which has a CVSSv4 score of 9.3. Exploitation of the vulnerability could allow a network-based attacker to bypass authentication and take administrative control of the device.


Remediation advice

Affected organisations are encouraged to review the Juniper Networks out-of-cycle security bulletin "Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass Vulnerability (CVE-2025-21589)", Article ID JSA94663, and apply any relevant security updates.



Last edited: 19 February 2025 1:00 pm