A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networks’ Session Smart Router.
By Eduard Kovacs, February 18, 2025

Juniper Networks last week published an out-of-cycle security bulletin to inform customers about the availability of patches for a critical authentication bypass vulnerability affecting its Session Smart Router product.
Cybersecurity agencies in Italy and Belgium alerted organizations about the vulnerability on Monday.
The security hole, tracked as CVE-2025-21589, has been described by Juniper as an authentication bypass that involves an “alternate path or channel vulnerability”. It can allow a network-based attacker to take administrative control of the targeted device.
The vulnerability affects the software-based Session Smart Router, which powers Juniper’s SD-WAN solution, as well as Session Smart Conductor and WAN Assurance Managed Router. Versions 5.6.17, 6.1.12-lts, 6.2.8-lts, and 6.3.3-r2 for each of the impacted products patch the flaw.