Juniper Junos OS VM Host Root Access via Private Key (pre-22.2R3-S7)
CVE-2025-52983 Published on July 11, 2025
Junos OS: After removing ssh public key authentication root can still log in
A UI Discrepancy for Security Feature
vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.
On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root.
This issue affects Junos OS:
* all versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S3,
* 24.2 versions before 24.2R1-S2, 24.2R2.
Vulnerability Analysis
CVE-2025-52983 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
UI Discrepancy for Security Feature
The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a "restrict ALL'" access control rule, but the software only implements "restrict SOME".
Products Associated with CVE-2025-52983
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Before 22.2R3-S7 is affected.
- Version 22.4 and below 22.4R3-S5 is affected.
- Version 23.2 and below 23.2R2-S3 is affected.
- Version 23.4 and below 23.4R2-S3 is affected.
- Version 24.2 and below 24.2R1-S2, 24.2R2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.