- Description
- An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2; This issue affects Session Smart Conductor: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2; This issue affects WAN Assurance Managed Routers: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2.
- Source
- sirt@juniper.net
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- sirt@juniper.net
- CWE-288
- Hype score
- Not currently trending
We have just added an important vulnerability affecting Juniper Session Smart Router and other products (CVE-2025-21589) https://t.co/921sOz3EX1
@vuldb
28 Jan 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-21589 - Critical An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take ad... https://t.co/ujpAflp1J3 https://t.co/WANG5sxvq3
@TheHackerWire
27 Jan 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21589 An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authe… https://t.co/VJvnrDqFSL
@CVEnew
27 Jan 2026
200 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2025-21589 patched in Juniper Session Smart Router for secure business operations. https://t.co/2CRIcSIbC0
@threatlight
2 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A #SevereFlaw in Juniper Networks' devices (CVE-2025-21589) could give hackers full admin access. With a CVSS score of 9.8, this flaw poses a serious risk to your #network. Find out how to protect your organization in this #CybersecurityThreatAdvisory: https://t.co/nOgmUtZaoU
@SmarterMSP
24 Feb 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Juniper Networks has released security updates addressing CVE-2025-21589. Affected products: Session Smart Router, Session Smart Connector and WAN Assurance Managed Router.
@triunedigisec
24 Feb 2025
30 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Public Advisory 🚨! Juniper has addressed a critical vulnerability, CVE-2025-21589, affecting Session Smart Router, Session Smart Conductor, and WAN Assurance Routers. CVSS v3.1 score: 9.8. Attackers can bypass authentication, potentially gaining admin control. #Juniper #CVE2025
@cirtgovjm
20 Feb 2025
125 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Atenção, profissionais de TI! Uma vulnerabilidade crítica (CVE-2025-21589) em produtos da Juniper Networks permite que atacantes contornem a autenticação com potencial para controle total. Atualizações já estão disponíveis; não perca tempo! Segurança em primeiro lugar!
@IncursioHack
19 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Juniper Networks Authentication Bypass Vulnerability🚨 Vulnerability Details: CVE-2025-21589 (CVSS 9.8/10) Juniper Networks Session Smart Router, Session Smart Conductor and WAN Assurance Managed Routers Authentication Bypass Vulnerability Impact: A… http
@CyberxtronTech
19 Feb 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical Juniper Networks Authentication Bypass Vulnerability🚨 Vulnerability Details: CVE-2025-21589 (CVSS 9.8/10) Juniper Networks Session Smart Router, Session Smart Conductor and WAN Assurance Managed Routers Authentication Bypass Vulnerability Impact: A… http
@CyberxtronTech
19 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Juniper、セッションスマートルーターの重大な脆弱性を修正(CVE-2025-21589) #セキュリティ #セキュリティ対策Lab https://t.co/4FIdiiX02G
@securityLab_jp
19 Feb 2025
12 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21589 impacts Juniper Networks Products #JuniperNetworks #CVE-2025-21589 https://t.co/B0hGdW09FH
@pravin_karthik
19 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👉 Juniper Networks detectó una vulnerabilidad crítica (CVE-2025-21589) que permite eludir la autenticación y apoderarse de los dispositivos Session Smart Router (SSR) y también afecta a Session Smart Conductor y WAN Assurance Managed Routers. 🧉 https://t.co/WhE49jK0za
@MarquisioX
18 Feb 2025
65 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Juniper Networks has patched a critical auth bypass vulnerability (CVE-2025-21589) in Session Smart Routers, risking admin control. Admins urged to upgrade systems. 🇺🇸 #JuniperNetworks #SSR #SecurityPatch link: https://t.co/DkwlQWdW1v https://t.co/E01g1fmxdH
@TweetThreatNews
18 Feb 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Juniper API Authentication Bypass Vulnerability 📅 Timeline: Disclosure: 2025-02-01, Patch: N/A 🆔cveId: CVE-2025-21589 📊baseScore: 9.8 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: Critical 🔴 🛠️exploitMaturity: Not Available… ht
@syedaquib77
18 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
برای برخی محصولات Juniper شامل : Smart Router و Smart Conductor و Assurance Router آسیب پذیری با کد شناسایی CVE-2025-21589 منتشر شده است. این آسیب پذیری از نوع authentication bypass بوده و باعث می شود هکر بتواند روی دیوایس ها ، کنترل کامل داشته باشد. https://t.co/Poz3aKY03t http
@AmirHossein_sec
18 Feb 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JuniperがSession Smart製品のAPI認証回避の脆弱性(CVE-2025-21589)を公表。この脆弱性は、REST APIの認証ヘッダー処理における暗号的欠陥により、攻撃者が改ざんしたJWTを使用して管理者権限を取得し、不正なルーティングポリシーの適用や暗号鍵の窃取を可能にする。 https://t.co/jv0sRHqVNB
@yousukezan
18 Feb 2025
971 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
🔒 Juniper Networks warns of a critical authentication bypass flaw (CVE-2025-21589) in its Session Smart Routers, scoring 9.8 on CVSS. Admin control risk high. Upgrade is essential! 🇺🇸 #JuniperNetworks #RouterSecurity link: https://t.co/rLJQBh4v2q https://t.co/n5vnveu5kY
@TweetThreatNews
18 Feb 2025
77 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical authentication bypass vulnerability (CVE-2025-21589) has been patched in Juniper's Session Smart Router. Agencies in Italy & Belgium warn of potential risks. Update systems! 🇮🇹 #JuniperNetworks #ITSecurity #Belgium link: https://t.co/YUWYdfypUF https://t.co/y
@TweetThreatNews
18 Feb 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21589 (CVSS 9.8): Critical Authentication Bypass Flaw in Juniper Session Smart Routers https://t.co/dqeLBYBG1f
@Dinosn
18 Feb 2025
1990 Impressions
4 Retweets
15 Likes
4 Bookmarks
0 Replies
0 Quotes