Source: www.securityweek.com – Author: Eduard Kovacs
Juniper Networks last week published an out-of-cycle security bulletin to inform customers about the availability of patches for a critical authentication bypass vulnerability affecting its Session Smart Router product.
Cybersecurity agencies in Italy and Belgium alerted organizations about the vulnerability on Monday.
The security hole, tracked as CVE-2025-21589, has been described by Juniper as an authentication bypass that involves an “alternate path or channel vulnerability”. It can allow a network-based attacker to take administrative control of the targeted device.
The vulnerability affects the software-based Session Smart Router, which powers Juniper’s SD-WAN solution, as well as Session Smart Conductor and WAN Assurance Managed Router. Versions 5.6.17, 6.1.12-lts, 6.2.8-lts, and 6.3.3-r2 for each of the impacted products patch the flaw.
Organizations using the affected products have been advised to update as soon as possible. The vendor noted, however, that the flaw has been automatically patched on some devices.
While CVE-2025-21589 is a critical issue, Juniper pointed out that it was discovered during internal product security testing and the company is not aware of malicious exploitation.
On the other hand, threat actors have been known to target Session Smart Routers. In December 2024, Juniper warned customers that Session Smart Routers that had been using default credentials were being ensnared into a Mirai-based botnet.
Related: Justice Department Sues to Block $14 Billion Juniper Buyout by Hewlett Packard Enterprise
Advertisement. Scroll to continue reading.
Related: Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS
Related: Juniper Networks Patches Dozens of Vulnerabilities
Related: Juniper Networks Warns of Critical Authentication Bypass Vulnerability
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.
Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.
Original Post URL: https://www.securityweek.com/critical-vulnerability-patched-in-juniper-session-smart-router/
Category & Tags: Vulnerabilities,Juniper,vulnerability – Vulnerabilities,Juniper,vulnerability
Views: 2
