CVE-2025-21590
Published: 12 March 2025
Summary
CVE-2025-21590 is a medium-severity Improper Isolation or Compartmentalization (CWE-653) vulnerability in Juniper Junos. Its CVSS base score is 4.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Process Injection (T1055). The CVE ranks in the top 17.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates CVE-2025-21590 by requiring timely patching to the fixed Junos OS releases, addressing the kernel isolation flaw.
Enforces process isolation to prevent improper compartmentalization vulnerabilities like CWE-653, blocking arbitrary code injection across execution domains.
Implements memory protections such as non-executable regions to defend against arbitrary code injection attempts exploiting kernel isolation flaws.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The kernel improper isolation vulnerability (CVE-2025-21590) allows a local privileged attacker with shell access to inject arbitrary code (shellcode loader and payloads) into legitimate processes like cat, bypassing Veriexec file integrity protections. This directly enables Process Injection (T1055).
NVD Description
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:
- All versions before 21.2R3-S9,
- 21.4 versions before 21.4R3-S10,
- 22.2 versions before 22.2R3-S6,
- 22.4 versions before 22.4R3-S6,
- 23.2 versions before 23.2R2-S3,
- 23.4 versions before 23.4R2-S4,
- 24.2 versions before 24.2R1-S2, 24.2R2.
Deeper analysis
CVE-2025-21590 is an Improper Isolation or Compartmentalization vulnerability (CWE-653) in the kernel of Juniper Networks Junos OS. It enables a local attacker with high privileges to compromise the integrity of the device by injecting arbitrary code. The issue affects Junos OS versions prior to 21.2R3-S9; 21.4 versions before 21.4R3-S10; 22.2 versions before 22.2R3-S6; 22.4 versions before 22.4R3-S6; 23.2 versions before 23.2R2-S3; 23.4 versions before 23.4R2-S4; and 24.2 versions before 24.2R1-S2 or 24.2R2. The vulnerability has a CVSS v3.1 base score of 4.4 (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) and was published on 2025-03-12.
A local attacker with shell access and high privileges can exploit this vulnerability to inject arbitrary code, leading to device integrity compromise. Exploitation is not possible from the Junos CLI and requires prior shell access, which limits the attack surface to scenarios where an attacker has already achieved elevated local access.
The Juniper advisory (JSA93446) details mitigation through upgrading to the fixed releases listed for each affected version branch. CISA has added CVE-2025-21590 to its Known Exploited Vulnerabilities catalog, indicating real-world exploitation.
A Google Cloud threat intelligence blog highlights China-nexus espionage activity targeting Juniper routers, providing notable context for this vulnerability in active threat campaigns.
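Added example (not from Juniper or the original page): a Python check that classifies a device's reported Junos release against the fixed releases listed above. It assumes release strings of the form 21.4R3-S10, ignores a trailing build number, and reports branches this page does not list as "unlisted" rather than guessing; the inventory is constructed.

```python
import re

# Fixed releases per branch, copied from the affected-version list on this page.
# Values are (R number, S number); a release without -S counts as S0.
FIXED = {
    (21, 2): (3, 9),   # 21.2R3-S9
    (21, 4): (3, 10),  # 21.4R3-S10
    (22, 2): (3, 6),   # 22.2R3-S6
    (22, 4): (3, 6),   # 22.4R3-S6
    (23, 2): (2, 3),   # 23.2R2-S3
    (23, 4): (2, 4),   # 23.4R2-S4
    (24, 2): (1, 2),   # 24.2R1-S2 (24.2R2 sorts above it)
}
OLDEST_LISTED = min(FIXED)  # (21, 2): every earlier branch is affected

# Assumed format: YY.N R<x> [-S<y>] [.build]; the build number is ignored.
_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_release(text):
    """Split a release string into ((major, minor), (R, S))."""
    m = _RELEASE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {text!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)


def classify(text):
    """Return 'affected', 'fixed', or 'unlisted' for one release string."""
    branch, level = parse_release(text)
    if branch < OLDEST_LISTED:
        return "affected"      # "All versions before 21.2R3-S9"
    if branch not in FIXED:
        return "unlisted"      # branch not named on this page: check JSA93446
    return "affected" if level < FIXED[branch] else "fixed"


# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = {"edge-1": "21.4R3-S9", "edge-2": "24.2R2",
             "core-1": "20.4R3-S8", "lab-1": "22.3R3"}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}
```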
Details
- CWE(s)
- KEV Date Added: 13 March 2025