- Juniper Networks has patched a vulnerability in its routers
- The flaw was exploited by Chinese threat actors
- Several device families were vulnerable
Juniper Networks has published a patch for a vulnerability that was exploited in the wild to attack several of its router product lines.
According to the company's security advisory, the bug is an improper isolation or compartmentalization weakness, and it is tracked as CVE-2025-21590. It received a severity score of 6.7 (medium).
The bug has been exploited by Chinese hackers since 2024 to compromise vulnerable gateway routers that have reached end of life, a recent Mandiant security report revealed.
Chinese hackers
"In mid-2024, Mandiant discovered that threat actors deployed custom backdoors operating on Juniper Networks' Junos OS routers," the cybersecurity company said. "Mandiant has attributed these backdoors to the China-nexus espionage group UNC3886. Mandiant uncovered several TinyShell-based backdoors operating on Juniper Networks' Junos OS routers."
UNC3886 has been observed in the past targeting defense, technology and telecommunications organizations with sophisticated malicious software, deployed through zero-day vulnerabilities.
It affects at least these models: NFX, Virtual SRX, SRX-Series Branch, SRX-Series HE, EX-Series, QFX-Series, ACX and MX-Series; however, Juniper Networks said it is still investigating the vulnerability and that the full list could differ.
The bug allows local attackers who already hold high privileges to execute arbitrary code on affected routers, and thus fully compromise them.
"At least one instance of malicious exploitation (not at Amazon) has been reported to the Juniper SIRT," Juniper said in its advisory. "Customers are encouraged to upgrade to a fixed release as soon as it is available and, in the meantime, take measures to mitigate this vulnerability."
The problem was resolved in 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent versions.
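A small triage helper for checking an inventory of Junos OS versions against the fixed releases listed above. This is an added example, not code from Juniper, Mandiant or BleepingComputer; the rule that a device is fixed when it is at or beyond the listed fix for its own release train, or on a train newer than every listed one, is my reading of "all subsequent versions" and is an assumption (an unlisted older train is reported as not fixed).

```python
import re
from typing import NamedTuple

# Fixed releases for CVE-2025-21590 as listed in the article above.
FIXED_RELEASES = ["21.4R3-S10", "22.2R3-S6", "22.4R3-S6", "23.2R2-S3",
                  "24.2R1-S2", "24.2R2", "24.4R1"]

# Junos version strings look like 22.4R3-S6 (optionally with a trailing build
# number such as 22.4R3-S6.2, which is ignored for comparison purposes).
_JUNOS_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<rel>\d+)(?:-S(?P<svc>\d+))?(?:\.\d+)?$")


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int
    service: int  # 0 when no -S service release suffix is present

    @property
    def train(self) -> tuple:
        """Release train, e.g. (22, 4) for any 22.4Rx release."""
        return (self.major, self.minor)


def parse_junos(version: str) -> JunosVersion:
    """Parse a Junos version string into a comparable tuple."""
    m = _JUNOS_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    return JunosVersion(int(m["major"]), int(m["minor"]),
                        int(m["rel"]), int(m["svc"] or 0))


def is_fixed(version: str, fixed=FIXED_RELEASES) -> bool:
    """True if `version` is at or beyond the fix for its train (assumption:
    see lead-in). Trains newer than every listed fix count as fixed; unlisted
    older trains are treated as not fixed so they get a second look."""
    v = parse_junos(version)
    fixes = [parse_junos(f) for f in fixed]
    same_train = [f for f in fixes if f.train == v.train]
    if same_train:
        # Tuple ordering compares release, then service release number.
        return v >= min(same_train)
    return v.train > max(f.train for f in fixes)


def triage(inventory: dict) -> dict:
    """Map device name -> True/False (fixed or not) for an inventory dict."""
    return {name: is_fixed(ver) for name, ver in inventory.items()}
```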
At the same time, CISA added the bug to its Known Exploited Vulnerabilities (KEV) catalog, confirming reports of exploitation worldwide and giving Federal Civilian Executive Branch (FCEB) agencies three weeks to apply the patch or stop using the vulnerable products.
Via BleepingComputer