- Juniper Networks has paved a vulnerability in its routers
- The defect was being abused by Chinese threat actors
- Multiple devices were vulnerable
Juniper Networks has launched a patch for vulnerability that was exploding in nature to attack some of its router brands.
According to the company’s security notice, the error is inappropriate isolation or comparison weakness, and is traced as CVE-2025-21590. It was given a gravity score of 6.7 (medium).
The error is used by Chinese computer pirates, who had been exploiting it from 2024 to the vulnerable rear door juniper who reached the end of life, a recent Madiant security report revealed.
Chinese hackers
“In mid -2024, Mandiant discovered that the threat actors deployed custom rear stalls operating in the juniper operating system of Juniper Networks,” explained the cyber security company. “Mandiant attributed these rear doors to the Chinese-Nexus espionage group, UNC3886. Mandiant discovered several rear-based rear-based rear plays that operate in Junos Junos Junos Juniper Networks routines.”
UNC3886 was observed in the past aimed at defense, technology and telecommunications organizations with sophisticated malware, implemented through zero day vulnerabilities.
It affects at least these models: NFX series, Virtual SRX, SRX series branch, SRX HE series, ex-series, QFX-series, ACX and MX-series, however, Juniper Networks said it is still investigating vulnerability and that the complete list could be different.
The error can be exploited to allow local attackers with high privileges to execute arbitrary code in the routers and, therefore, compromise them.
“At least one instance of malicious exploitation (not at Amazon) the Juniper Sir has been informed,” Juniper said in his warning. “Customers are encouraged to update a fixed launch as soon as available and, meanwhile, take measures to mitigate this vulnerability.”
The problem was solved in 21.4r3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent communicated.
At the same time, CISA added the error to its well -known catalog of exploited vulnerabilities (KEV), confirming reports of flow abuse and provide federal civil executive branch agencies (FCEB) three weeks to apply the patch or stop using vulnerable solutions.
Through Bleepingcomputer
