Unrated severityNVD Advisory· Published Jul 11, 2025· Updated Feb 26, 2026

Junos OS: After removing ssh public key authentication root can still log in

CVE-2025-52983

Description

A UI Discrepancy for Security Feature

vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.

On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can still log in as root. This issue affects Junos OS:

all versions before 22.2R3-S7,
22.4 versions before 22.4R3-S5,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S3,
24.2 versions before 24.2R1-S2, 24.2R2.

Affected products

Juniper Networks/Junosllm-fuzzy
Range: all versions before 22.2R3-S7, 22.4 versions before 22.4R3-S5, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S3, 24.2 versions before 24.2R1-S2, 24.2R2
Juniper Networks/Junos OSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

supportportal.juniper.net/JSA100089mitrevendor-advisory
www.juniper.net/documentation/us/en/software/junos/junos-install-upgrade/topics/topic-map/vm-host-overview.htmlmitretechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000