Summary: Juniper Networks has issued a security bulletin regarding an actively exploited vulnerability (CVE-2025-21590) in multiple versions of Junos OS that could allow local attackers to execute arbitrary code. The vulnerability affects several versions prior to specific release thresholds and has been linked to reports of exploitation by a China-based espionage group. Organizations are strongly urged to upgrade their devices and restrict access to mitigate risk.

Affected: Juniper Networks, Junos OS

Keypoints :

• The vulnerability is categorized as an “Improper Isolation or Compartmentalization” issue in Junos OS’s kernel.
• A local attacker with shell access can potentially inject arbitrary code and compromise the device.
• Impacted versions include all releases before 21.2R3-S9 up to 24.2R2, with Junos OS Evolved unaffected.
• Mandiant has linked exploitation of this vulnerability to a Chinese espionage group, noting custom backdoors deployed on affected routers.
• The Cybersecurity and Infrastructure Security Agency (CISA) included this issue in its Known Exploited Vulnerabilities Catalog, urging immediate remediation before April 3, 2025.
• Juniper recommends upgrading to fixed releases and limiting shell access to trusted users as mitigation steps.