Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Juniper Networks' Products
Alerts

Critical Vulnerability in Juniper Networks' Products

20 February 2025

Juniper Networks has released security updates addressing a critical vulnerability affecting their Session Smart Routers. Users and administrators of affected products are advised to update to the latest versions immediately.

Juniper Networks has released security updates addressing a critical vulnerability (CVE-2025-21589) affecting their Session Smart Router, Session Smart Conductor and wide area network (WAN) Assurance Router.

Successful exploitation of the application programming interface's (API) authentication bypass vulnerability could allow a network-based attacker to bypass authentication and take administrative control of the device.

The vulnerability affects the following Session Smart Router, Session Smart Conductor and WAN Assurance Managed Routers versions:

  • from 5.6.7 before 5.6.17

  • from 6.0.8

  • from 6.1 before 6.1.12-lts

  • from 6.2 before 6.2.8-lts

  • from 6.3 before 6.3.3-r2

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US

https://securityaffairs.com/174365/security/juniper-networks-fixed-a-critical-flaw-in-session-smart-routers.html


Back to top