Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.
The security flaw (tracked as CVE-2025-21589) was found during internal product security testing, and it also affects Session Smart Conductor and WAN Assurance Managed Routers.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device,” the American networking infrastructure company said in an out-of-cycle security advisory released last week.
According to Juniper’s Security Incident Response Team (SIRT), the company has yet to find evidence that the vulnerability has been targeted in attacks.
Juniper has fixed the vulnerability in SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2, and subsequent releases. While the company says that some devices connected to the Mist Cloud have already been patched, admins are advised to upgrade all affected systems to one of these patched software versions.
“In a Conductor-managed deployment, it is sufficient to upgrade only the Conductor nodes and the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor,” Juniper said.
Frequently targeted in attacks
Juniper devices are commonly targeted in attacks due to their use in critical environments and are regularly targeted within less than a week after the vendor releases security updates.
For instance, in June last year, Juniper released emergency updates to address another SSR authentication bypass (tracked as CVE-2024-2973) that can be exploited to take full control of unpatched devices.
In August, the ShadowServer threat monitoring service warned of threat actors using a watchTowr Labs proof-of-concept (PoC) exploit targeting a remote code execution exploit chain to attack Juniper EX switches and SRX firewalls.
One month later, VulnCheck found thousands of Juniper devices still vulnerable to attacks using the same exploit chain.
More recently, in December, Juniper also warned customers of attackers scanning the Internet for Session Smart routersusing default credentials and infecting them with Mirai malware.
