CVE-2025-30650: CWE-306 Missing Authentication for Critical Function in Juniper Networks Junos OS
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include: * MPC7, MPC8, MPC9, MPC10, MPC11 * LC2101, LC2103 * LC480, LC4800, LC9600 * MX304 (built-in FPC) * MX-SPC3 * SRX5K-SPC3 * EX9200-40XS * FPC3-PTX-U2, FPC3-PTX-U3 * FPC3-SFF-PTX * LC1101, LC1102, LC1104, LC1105 This issue affects Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-30650) involves missing authentication for a critical function in the command processing of Juniper Networks Junos OS running on Linux-based line cards. It enables a privileged local attacker to escalate privileges to root on affected line cards, including MPC7 through MPC11, LC2101 through LC1105, MX304, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and various FPC3-PTX models. The issue affects multiple Junos OS versions prior to patched releases starting from 22.4R3-S8 and selected later versions up to 25.2. The CVSS 3.1 base score is 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting medium severity with high impact on confidentiality, integrity, and availability. The vendor provides patches and manages remediation for this cloud service environment.
Potential Impact
A privileged local attacker can exploit this vulnerability to gain root access on affected Junos OS line cards, potentially compromising confidentiality, integrity, and availability of the device. This could allow unauthorized control over critical network functions on the affected hardware. There are no known exploits in the wild currently.
Mitigation Recommendations
A patch is available for this vulnerability. The vendor manages remediation for this cloud-hosted service; users should apply the official Junos OS updates starting from versions 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, and 25.2R2 or later as applicable. Check the vendor advisory for the latest patch information and apply updates promptly to mitigate this issue.
CVE-2025-30650: CWE-306 Missing Authentication for Critical Function in Juniper Networks Junos OS
Description
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include: * MPC7, MPC8, MPC9, MPC10, MPC11 * LC2101, LC2103 * LC480, LC4800, LC9600 * MX304 (built-in FPC) * MX-SPC3 * SRX5K-SPC3 * EX9200-40XS * FPC3-PTX-U2, FPC3-PTX-U3 * FPC3-SFF-PTX * LC1101, LC1102, LC1104, LC1105 This issue affects Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-30650) involves missing authentication for a critical function in the command processing of Juniper Networks Junos OS running on Linux-based line cards. It enables a privileged local attacker to escalate privileges to root on affected line cards, including MPC7 through MPC11, LC2101 through LC1105, MX304, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and various FPC3-PTX models. The issue affects multiple Junos OS versions prior to patched releases starting from 22.4R3-S8 and selected later versions up to 25.2. The CVSS 3.1 base score is 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), reflecting medium severity with high impact on confidentiality, integrity, and availability. The vendor provides patches and manages remediation for this cloud service environment.
Potential Impact
A privileged local attacker can exploit this vulnerability to gain root access on affected Junos OS line cards, potentially compromising confidentiality, integrity, and availability of the device. This could allow unauthorized control over critical network functions on the affected hardware. There are no known exploits in the wild currently.
Mitigation Recommendations
A patch is available for this vulnerability. The vendor manages remediation for this cloud-hosted service; users should apply the official Junos OS updates starting from versions 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, and 25.2R2 or later as applicable. Check the vendor advisory for the latest patch information and apply updates promptly to mitigate this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- juniper
- Date Reserved
- 2025-03-24T19:34:11.321Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d6bc281cc7ad14daadeaf2
Added to database: 4/8/2026, 8:35:52 PM
Last enriched: 4/8/2026, 8:51:18 PM
Last updated: 4/9/2026, 6:53:42 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.