CVE-2025-30650: CWE-306 Missing Authentication for Critical Function in Juniper Networks Junos OS
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include: * MPC7, MPC8, MPC9, MPC10, MPC11 * LC2101, LC2103 * LC480, LC4800, LC9600 * MX304 (built-in FPC) * MX-SPC3 * SRX5K-SPC3 * EX9200-40XS * FPC3-PTX-U2, FPC3-PTX-U3 * FPC3-SFF-PTX * LC1101, LC1102, LC1104, LC1105 This issue affects Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2.
AI Analysis
Technical Summary
This vulnerability (CWE-306) in Juniper Networks Junos OS affects Linux-based line cards by missing authentication checks on critical command processing functions. Privileged local attackers can exploit this to gain root access on affected line cards, including MPC7 through MPC11, LC2101 through LC1105 series, MX304, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and several FPC3 variants. The issue impacts all Junos OS versions before 22.4R3-S8, and certain versions from 23.2, 23.4, 24.2, 24.4, and 25.2 branches before specified patch releases. The CVSS 3.1 vector is AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, reflecting local attack vector, low complexity, high privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Juniper manages remediation for this cloud service and a patch is available.
Potential Impact
A privileged local attacker can exploit this vulnerability to gain root-level access on affected Linux-based line cards running Junos OS. This can lead to full compromise of the line card, impacting confidentiality, integrity, and availability of the device functions. The vulnerability affects multiple line card models and Junos OS versions prior to patched releases. There are no known exploits in the wild at this time.
Mitigation Recommendations
A patch is available for this vulnerability. Juniper Networks manages remediation for this cloud-hosted service; users should apply the official patches corresponding to their Junos OS versions as listed (22.4R3-S8 and later, 23.2R2-S6 and later, 23.4R2-S6 and later, 24.2R2-S3 and later, 24.4R2 and later, 25.2R2 and later). Check the vendor advisory for the latest remediation guidance and apply updates promptly.
CVE-2025-30650: CWE-306 Missing Authentication for Critical Function in Juniper Networks Junos OS
Description
A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line cards include: * MPC7, MPC8, MPC9, MPC10, MPC11 * LC2101, LC2103 * LC480, LC4800, LC9600 * MX304 (built-in FPC) * MX-SPC3 * SRX5K-SPC3 * EX9200-40XS * FPC3-PTX-U2, FPC3-PTX-U3 * FPC3-SFF-PTX * LC1101, LC1102, LC1104, LC1105 This issue affects Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-306) in Juniper Networks Junos OS affects Linux-based line cards by missing authentication checks on critical command processing functions. Privileged local attackers can exploit this to gain root access on affected line cards, including MPC7 through MPC11, LC2101 through LC1105 series, MX304, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and several FPC3 variants. The issue impacts all Junos OS versions before 22.4R3-S8, and certain versions from 23.2, 23.4, 24.2, 24.4, and 25.2 branches before specified patch releases. The CVSS 3.1 vector is AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, reflecting local attack vector, low complexity, high privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Juniper manages remediation for this cloud service and a patch is available.
Potential Impact
A privileged local attacker can exploit this vulnerability to gain root-level access on affected Linux-based line cards running Junos OS. This can lead to full compromise of the line card, impacting confidentiality, integrity, and availability of the device functions. The vulnerability affects multiple line card models and Junos OS versions prior to patched releases. There are no known exploits in the wild at this time.
Mitigation Recommendations
A patch is available for this vulnerability. Juniper Networks manages remediation for this cloud-hosted service; users should apply the official patches corresponding to their Junos OS versions as listed (22.4R3-S8 and later, 23.2R2-S6 and later, 23.4R2-S6 and later, 24.2R2-S3 and later, 24.4R2 and later, 25.2R2 and later). Check the vendor advisory for the latest remediation guidance and apply updates promptly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- juniper
- Date Reserved
- 2025-03-24T19:34:11.321Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d6bc281cc7ad14daadeaf2
Added to database: 4/8/2026, 8:35:52 PM
Last enriched: 4/16/2026, 11:33:51 AM
Last updated: 5/24/2026, 10:49:24 AM
Views: 99
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.