Critical severity9.8NVD Advisory· Published Jan 27, 2026· Updated Apr 15, 2026
CVE-2025-21589
CVE-2025-21589
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device.
This issue affects Session Smart Router:
- from 5.6.7 before 5.6.17,
- from 6.0 before 6.0.8 (affected from 6.0.8),
- from 6.1 before 6.1.12-lts,
- from 6.2 before 6.2.8-lts,
- from 6.3 before 6.3.3-r2;
This issue affects Session Smart Conductor:
- from 5.6.7 before 5.6.17,
- from 6.0 before 6.0.8 (affected from 6.0.8),
- from 6.1 before 6.1.12-lts,
- from 6.2 before 6.2.8-lts,
- from 6.3 before 6.3.3-r2;
This issue affects WAN Assurance Managed Routers:
- from 5.6.7 before 5.6.17,
- from 6.0 before 6.0.8 (affected from 6.0.8),
- from 6.1 before 6.1.12-lts,
- from 6.2 before 6.2.8-lts,
- from 6.3 before 6.3.3-r2.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.