Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-21592

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2.

Published

2025-01-09T17:15:18.203

Last Modified

2026-01-26T19:36:51.937

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	< 21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.2	Yes
Operating System	juniper	junos	23.4	Yes
Operating System	juniper	junos	23.4	Yes
Operating System	juniper	junos	23.4	Yes
Operating System	juniper	junos	23.4	Yes
Hardware	juniper	srx1500	-	No
Hardware	juniper	srx1600	-	No
Hardware	juniper	srx2300	-	No
Hardware	juniper	srx300	-	No
Hardware	juniper	srx320	-	No
Hardware	juniper	srx340	-	No
Hardware	juniper	srx345	-	No
Hardware	juniper	srx380	-	No
Hardware	juniper	srx4100	-	No
Hardware	juniper	srx4120	-	No
Hardware	juniper	srx4200	-	No
Hardware	juniper	srx4300	-	No
Hardware	juniper	srx4600	-	No
Hardware	juniper	srx4700	-	No
Hardware	juniper	srx5400	-	No
Hardware	juniper	srx5600	-	No
Hardware	juniper	srx5800	-	No

References

https://supportportal.juniper.net/JSA92860 Vendor Advisory ([email protected])