CVE-2025-52989

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.

A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part of the device configuration.

This issue affects:

Junos OS:

• all versions before 22.2R3-S7,
• 22.4 versions before 22.4R3-S7,
• 23.2 versions before 23.2R2-S4,
• 23.4 versions before 23.4R2-S4,
• 24.2 versions before 24.2R2-S1,
• 24.4 versions before 24.4R1-S2, 24.4R2;

Junos OS Evolved:

• all versions before 22.4R3-S7-EVO,

• 23.2-EVO versions before 23.2R2-S4-EVO,

• 23.4-EVO versions before 23.4R2-S5-EVO,

• 24.2-EVO versions before 24.2R2-S1-EVO

• 24.4-EVO versions before 24.4R2-EVO.