CVE-2025-21590 Vulnerability — CVSS 4.4, MEDIUM Severity

Description

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S

CISA Known Exploited Vulnerability

Date Added: 3/13/2025
Patch Due Date: 4/3/2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Technical Details

CVSS v3 Vector: 3.1
Published: 3/12/2025
Last Modified: 10/24/2025

Frequently Asked Questions

What is CVE-2025-21590?

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S

Is CVE-2025-21590 actively exploited?

Yes. CVE-2025-21590 is on the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it has been confirmed as actively exploited in the wild. CISA requires federal agencies to patch by 4/3/2025.

What is the CVSS score for CVE-2025-21590?

CVE-2025-21590 has a CVSS v3 base score of 4.4 (MEDIUM severity), with vector string 3.1.

CVE-2025-21590