Juniper Networks has launched security updates to deal with a crucial security flaw impacting Session Good Router, Session Good Conductor, and WAN Assurance Router merchandise that might be exploited to hijack management of inclined gadgets.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 rating of 9.8 and a CVS v4 rating of 9.3.
“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Good Router might enable a network-based attacker to bypass authentication and take administrative management of the gadget,” the corporate mentioned in an advisory.
The vulnerability impacts the next merchandise and variations –
- Session Good Router: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- Session Good Conductor: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- WAN Assurance Managed Routers: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
Juniper Networks mentioned the vulnerability was found throughout inner product security testing and analysis, and that it isn’t conscious of any malicious exploitation.
The flaw has been addressed in Session Good Router variations SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2, and later.
“This vulnerability has been patched mechanically on gadgets that function with WAN Assurance (the place configuration can also be managed) related to the Mist Cloud,” the corporate added. “As sensible, the routers ought to nonetheless be upgraded to a model containing the repair.”
