CVE-2025-60006

MEDIUM EPSS 59.4%
Published Oct 9, 20258mo ago · Modified Jun 17, 20262w ago
4.8 CVSS 4.0
Medium
Find Similar
Published Oct 9, 2025 8mo ago
Last Modified Jun 17, 2026 2w ago

Description

Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker executes crafted CLI commands, the options are processed via a script in some cases. These scripts are not hardened so injected commands might be executed via the shell, which allows an attacker to perform operations, which they should not be able to do according to their assigned permissions. This issue affects Junos OS Evolved: * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO. This issue does not affect Junos OS Evolved versions earlier than 24.2R1-EVO.

CVSS Details

Base Score
4.8
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
59.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 9

VendorProductVersionRange
juniperjunos_os_evolved24.2any
juniperjunos_os_evolved24.2any
juniperjunos_os_evolved24.2any
juniperjunos_os_evolved24.2any
juniperjunos_os_evolved24.2any
juniperjunos_os_evolved24.4any
juniperjunos_os_evolved24.4any
juniperjunos_os_evolved24.4any
juniperjunos_os_evolved24.4any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.