CVE-2025-52985

Name: CVE-2025-52985
Creator: NVD / NIST
Published: 2025-07-11T16:15:25.86+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.9/10EPSS 0.24%

Last modified Jun 17, 2026

CVE-2025-52985 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn't affect Junos OS Evolved versions before 23.2R1-EVO.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more than 10 entries, the prefix list doesn't match and packets destined to or from the local device are not filtered. This issue affects firewall filters applied to the re:mgmt interfaces as input and output, but only affects firewall filters applied to the lo0 interface as output. This issue is applicable to IPv4 and IPv6 as a prefix list can contain IPv4 and IPv6 prefixes. This issue affects Junos OS Evolved: * 23.2R2-S3-EVO versions before 23.2R2-S4-EVO, * 23.4R2-S3-EVO versions before 23.4R2-S5-EVO, * 24.2R2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue doesn't affect Junos OS Evolved versions before 23.2R1-EVO.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 4.0

6.9/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.24%

14.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-480

Affected Software

Vendor	Product	Versions	Update
Juniper	Junos Os Evolved	23.2	R2-S3
Juniper	Junos Os Evolved	23.4	R2-S3
Juniper	Junos Os Evolved	24.2	R2
Juniper	Junos Os Evolved	24.4	—

References

https://supportportal.juniper.net/JSA100091Vendor Advisory

Timeline

Published: Jul 11, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-52985?

How severe is CVE-2025-52985?

CVE-2025-52985 has a CVSS score of 6.9/10 (MEDIUM severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.

How do I fix CVE-2025-52985?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-52985?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST