Juniper Session Smart Router auth bypass alt path <6.3.3-r2
CVE-2025-21589 Published on January 27, 2026
Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device.
This issue affects Session Smart Router:
* from 5.6.7 before 5.6.17,
* from 6.0 before 6.0.8 (affected from 6.0.8),
* from 6.1 before 6.1.12-lts,
* from 6.2 before 6.2.8-lts,
* from 6.3 before 6.3.3-r2;
This issue affects Session Smart Conductor:
* from 5.6.7 before 5.6.17,
* from 6.0 before 6.0.8 (affected from 6.0.8),
* from 6.1 before 6.1.12-lts,
* from 6.2 before 6.2.8-lts,
* from 6.3 before 6.3.3-r2;
This issue affects WAN Assurance Managed Routers:
* from 5.6.7 before 5.6.17,
* from 6.0 before 6.0.8 (affected from 6.0.8),
* from 6.1 before 6.1.12-lts,
* from 6.2 before 6.2.8-lts,
* from 6.3 before 6.3.3-r2.
Vulnerability Analysis
CVE-2025-21589 can be exploited with network access and does not require authorization privileges or user interaction. The attack complexity is considered low. The potential impact of an exploit is considered critical, because the vulnerability has a high impact on the confidentiality, integrity and availability of this component.
Weakness Type
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Affected Versions
Juniper Networks Session Smart Router:
- Version 5.6.7 and below 5.6.17 is affected.
- Version 6.0 and below 6.0.8 is unaffected.
- Version 6.1 and below 6.1.12-lts is affected.
- Version 6.2 and below 6.2.8-lts is affected.
- Version 6.3 and below 6.3.3-r2 is affected.
Juniper Networks Session Smart Conductor:
- Version 5.6.7 and below 5.6.17 is affected.
- Version 6.0 and below 6.0.8 is unaffected.
- Version 6.1 and below 6.1.12-lts is affected.
- Version 6.2 and below 6.2.8-lts is affected.
- Version 6.3 and below 6.3.3-r2 is affected.
Juniper Networks WAN Assurance Managed Routers:
- Version 5.6.7 and below 5.6.17 is affected.
- Version 6.0 and below 6.0.8 is unaffected.
- Version 6.1 and below 6.1.12-lts is affected.
- Version 6.2 and below 6.2.8-lts is affected.
- Version 6.3 and below 6.3.3-r2 is affected.
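The version ranges above can be turned into an inventory triage check. This is an added example, not part of the advisory or any Juniper tooling; `classify`, `triage` and `SAMPLE` are hypothetical names, and it assumes inventory versions use the same `X.Y.Z-suffix` form as this page. The 6.0 train is returned as `review` because the two listings on this page describe it differently, as is any build whose suffix cannot be ordered against the fixed release.

```python
import re

# Ranges as listed on this page, by release train: (first listed, first fixed).
LISTED = {
    "5.6": ("5.6.7", "5.6.17"),
    "6.1": ("6.1", "6.1.12-lts"),
    "6.2": ("6.2", "6.2.8-lts"),
    "6.3": ("6.3", "6.3.3-r2"),
}
# The page's two listings disagree on the 6.0 train, so it is never auto-classified.
AMBIGUOUS_TRAINS = {"6.0"}

def parse(version):
    """Split '6.3.3-r2' into ((6, 3, 3), 'r2'); a missing patch level becomes 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9.]+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.group(1, 2, 3)), (m.group(4) or "")

def revision(suffix):
    """Return N for an 'rN' suffix, otherwise None."""
    m = re.fullmatch(r"r(\d+)", suffix)
    return int(m.group(1)) if m else None

def classify(version):
    """Return 'affected', 'not-listed' or 'review' for one installed version."""
    nums, suffix = parse(version)
    train = f"{nums[0]}.{nums[1]}"
    if train in AMBIGUOUS_TRAINS:
        return "review"
    if train not in LISTED:
        return "not-listed"
    (lo, _), (hi, hi_suffix) = (parse(v) for v in LISTED[train])
    if nums < lo or nums > hi or (nums == hi and suffix == hi_suffix):
        return "not-listed"
    if nums < hi:
        return "affected"
    # Same numeric release as the fix: only an rN-versus-rN comparison is decidable.
    have, need = revision(suffix), revision(hi_suffix)
    if have is None or need is None:
        return "review"
    return "affected" if have < need else "not-listed"

def triage(inventory):
    """Map {hostname: version} to {hostname: verdict}."""
    return {host: classify(v) for host, v in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = {"edge-1": "6.3.3-r1", "edge-2": "6.3.3-r2", "hub-1": "6.1.12", "lab-1": "6.0.5"}
```

`not-listed` means only that the version falls outside the ranges on this page; hosts marked `review` need a manual check against the vendor advisory.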
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.