CVE-2025-30661

HIGH EPSS 6.4%

Published Jul 11, 202511mo ago · Modified Jun 17, 20261w ago

8.5 CVSS 4.0

High

Published Jul 11, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system. This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. This issue affects Junos OS: * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2. This issue does not affect versions prior to 23.1R2.

CVSS Details

Base Score

8.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:Amber

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

6.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-732

Affected Products 34

Vendor	Product	Version	Range
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.2	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	23.4	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.2	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	junos	24.4	any
juniper	ex9200-15c	*	any
juniper	lc4800	*	any
juniper	lc9600	*	any
juniper	mpc10e-10c	*	any
juniper	mpc10e-15c	*	any
juniper	mpc11	*	any
juniper	mx304-lmic16	*	any
juniper	srx4700	*	any

References 2

github.com https://github.com/orangecertcc/security-research/security/advisories/GHSA-2p66-9j7x-fmch

Third Party Advisory
supportportal.juniper.net https://supportportal.juniper.net/JSA100057

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.