CVE-2025-30661 is a high-severity vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) affecting Juniper Networks Junos OS. Specifically, it impacts the line card script processing mechanism on certain Juniper hardware line cards, including MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. The vulnerability allows a local, low-privileged user with access to the local file system to place a script on the router that will be executed with root privileges during system boot. This improper permission assignment enables privilege escalation from a low-privileged user to root, potentially granting full control over the affected device. The affected Junos OS versions span multiple recent releases: from 23.2 before 23.2R2-S4, 23.4 before 23.4R2-S5, 24.2 before 24.2R2-S1, and 24.4 before 24.4R1-S3 and 24.4R2. Versions prior to 23.1R2 are not affected. The vulnerability requires local access and user interaction (copying the script), but the impact on confidentiality, integrity, and availability is high, as root access can lead to full system compromise. No known exploits are currently reported in the wild, but the CVSS v3.1 score is 7.3 (high), reflecting the significant risk posed by this vulnerability in environments where local access is possible. Juniper’s line cards affected are typically deployed in enterprise and service provider networks, making this a critical concern for network infrastructure security.

For European organizations, the impact of CVE-2025-30661 could be severe, particularly for those relying on Juniper Networks infrastructure in their core or edge network environments. Successful exploitation would allow an attacker with local access—potentially through insider threats, compromised maintenance accounts, or lateral movement after initial breach—to escalate privileges to root on critical network devices. This could lead to unauthorized configuration changes, interception or manipulation of network traffic, disruption of network services, and persistent backdoors within network infrastructure. Given the critical role of routers and switches in maintaining network availability and security, this vulnerability could compromise confidentiality, integrity, and availability of organizational data and services. European sectors such as telecommunications, finance, government, and critical infrastructure operators that deploy Juniper hardware are particularly at risk. The ability to execute arbitrary scripts as root during boot could also facilitate stealthy persistence mechanisms that evade detection and complicate incident response efforts.

To mitigate this vulnerability, European organizations should prioritize the following actions: 1) Immediate identification and inventory of Juniper devices using affected line cards and Junos OS versions. 2) Apply vendor patches or updates as soon as they become available from Juniper Networks for the affected Junos OS versions. Since no patch links are currently provided, organizations should monitor Juniper’s official advisories closely. 3) Restrict local file system access on affected devices strictly to trusted administrators and implement strong access controls and auditing to detect unauthorized file operations. 4) Employ network segmentation and zero-trust principles to limit the ability of low-privileged users to gain local access to critical network devices. 5) Monitor device logs and boot processes for unusual script executions or modifications to startup scripts. 6) Use configuration management and integrity verification tools to detect unauthorized changes to device scripts or configurations. 7) Conduct regular security training for administrators to recognize and prevent privilege escalation attempts. 8) Consider deploying host-based intrusion detection systems (HIDS) or endpoint detection and response (EDR) solutions on network management systems to detect suspicious activities related to device management.