70/68 Thursday, February 20, 2025
Juniper Networks has released a patch to address a critical vulnerability, CVE-2025-21589, which has been assigned a CVSS severity score of 9.8. This vulnerability allows attackers to bypass authentication processes and gain control over affected devices. It impacts Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Routers across multiple versions. The company recommends updating to SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, and SSR-6.3.3-r2. Devices utilizing WAN Assurance with Mist Cloud will receive automatic updates. Juniper also advises users to verify and update their devices to the patched versions. Currently, there is no temporary workaround available, and no known exploitation of this vulnerability has been reported.
In July 2024, Juniper Networks previously released a patch for CVE-2024-2973, a vulnerability with a CVSS severity score of 10.0, which affected devices configured in High-Availability Redundant Configuration. The company urged users to update their systems immediately to mitigate the risk of cyberattacks.
