Junos OS Evolved RE Firewall Preflist Match Bypass (before 24.4R2-EVO)
CVE-2025-52985 Published on July 11, 2025
Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching
A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.
When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered.
This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output.
This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes.
This issue affects Junos OS Evolved:
* 23.2R2-S3-EVO versions before 23.2R2-S4-EVO,
* 23.4R2-S3-EVO versions before 23.4R2-S5-EVO,
* 24.2R2-EVO versions before 24.2R2-S1-EVO,
* 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.
This issue doesn't affect Junos OS Evolved versions before 23.2R1-EVO.
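An added example (not from the advisory or from Juniper) of how a defender could audit a Junos "set"-style configuration for the condition described above: filters bound to lo0 as output, or to the management interface as input or output, that reference a prefix-list with more than 10 entries. The sample configuration is constructed, the `reN:mgmt-N` interface naming is an assumption, and prefix-lists populated via apply-path are not counted because their size is not visible statically.

```python
import re

# Constructed sample configuration (not taken from the advisory): one prefix-list
# with 11 entries, one with a single entry, one filter referencing both.
SAMPLE_CONFIG = "\n".join(
    [f"set policy-options prefix-list MGMT-HOSTS 192.0.2.{i}/32" for i in range(1, 12)]
    + [
        "set policy-options prefix-list NTP-SERVERS 198.51.100.10/32",
        "set firewall family inet filter PROTECT-RE term mgmt from prefix-list MGMT-HOSTS",
        "set firewall family inet filter PROTECT-RE term mgmt then accept",
        "set firewall family inet filter PROTECT-RE term ntp from source-prefix-list NTP-SERVERS",
        "set firewall family inet filter PROTECT-RE term ntp then accept",
        "set interfaces lo0 unit 0 family inet filter input PROTECT-RE",
        "set interfaces lo0 unit 0 family inet filter output PROTECT-RE",
        "set interfaces re0:mgmt-0 unit 0 family inet filter input PROTECT-RE",
    ]
)

PREFIX_ENTRY = re.compile(r"^set policy-options prefix-list (\S+) (\S+/\d+)$")
FILTER_REF = re.compile(
    r"^set firewall family inet6? filter (\S+) term \S+ from "
    r"(?:source-|destination-)?prefix-list (\S+)$"
)
BINDING = re.compile(r"^set interfaces (\S+) unit \d+ family inet6? filter (input|output) (\S+)$")

def binding_affected(interface, direction):
    """Advisory scope: lo0 only as output; re:mgmt as input and output.
    Matching the management interface on ':mgmt' is an assumed naming convention."""
    if interface.startswith("lo0"):
        return direction == "output"
    return ":mgmt" in interface

def find_risky_bindings(config_text, threshold=10):
    """Return (interface, direction, filter, prefix_list, entries) for every affected
    binding whose filter references a prefix-list with more than `threshold` entries."""
    sizes, refs, hits = {}, {}, []
    for line in config_text.splitlines():
        if m := PREFIX_ENTRY.match(line):
            sizes[m[1]] = sizes.get(m[1], 0) + 1
        elif m := FILTER_REF.match(line):
            refs.setdefault(m[1], set()).add(m[2])
    for line in config_text.splitlines():
        m = BINDING.match(line)
        if not m or not binding_affected(m[1], m[2]):
            continue
        for plist in sorted(refs.get(m[3], ())):
            if sizes.get(plist, 0) > threshold:
                hits.append((m[1], m[2], m[3], plist, sizes[plist]))
    return hits

if __name__ == "__main__":
    for hit in find_risky_bindings(SAMPLE_CONFIG):
        print("%s %s filter %s: prefix-list %s has %d entries (>10)" % hit)
```

On the sample, the lo0 input binding is reported as unaffected while the lo0 output and re0:mgmt-0 input bindings are flagged, matching the scope stated in the advisory.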
Vulnerability Analysis
CVE-2025-52985 can be exploited with network access and requires neither privileges nor user interaction. Its attack complexity is considered low. The potential impact of an exploit is rated as none for confidentiality, none for integrity, and none for availability.
Weakness Type
Use of Incorrect Operator
The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways. These types of errors are generally the result of a typo.
Products Associated with CVE-2025-52985
Affected Versions
Juniper Networks Junos OS Evolved:
- Versions from 23.2R2-S3-EVO before 23.2R2-S4-EVO are affected.
- Versions from 23.4R2-S3-EVO before 23.4R2-S5-EVO are affected.
- Versions from 24.2R2-EVO before 24.2R2-S1-EVO are affected.
- Versions from 24.4-EVO before 24.4R1-S3-EVO and 24.4R2-EVO are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.