Home Embedded Vulns General Vulns

CVE-2025-21589

CRITICAL 9.8

Our Analysis: Embedded

Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.

Published Date January 27, 2026
Last Modified January 29, 2026
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An Authentication Bypass Using an
Alternate Path or Channel vulnerability in Juniper Networks Session Smart
Router may allows a network-based attacker to bypass authentication
and take administrative control of the device.

This issue affects Session Smart Router: 



* from 5.6.7 before 5.6.17, 
* from 6.0 before 6.0.8 (affected from 6.0.8),

* from 6.1 before 6.1.12-lts, 
* from 6.2 before 6.2.8-lts, 
* from 6.3 before 6.3.3-r2; 




This issue affects Session Smart Conductor: 



* from 5.6.7 before 5.6.17, 
* from 6.0 before 6.0.8 (affected from 6.0.8),

* from 6.1 before 6.1.12-lts, 
* from 6.2 before 6.2.8-lts, 
* from 6.3 before 6.3.3-r2; 




This issue affects WAN Assurance Managed Routers: 



* from 5.6.7 before 5.6.17, 
* from 6.0 before 6.0.8 (affected from 6.0.8),

* from 6.1 before 6.1.12-lts, 
* from 6.2 before 6.2.8-lts, 
* from 6.3 before 6.3.3-r2.