Summary: Juniper Networks has released patches for a critical vulnerability (CVE-2025-21589) that allows attackers to bypass authentication on Session Smart Router (SSR) devices, potentially granting them administrative control. This vulnerability also affects associated devices such as the Session Smart Conductor and WAN Assurance Managed Routers. While there is no evidence of active exploitation, administrators are strongly advised to upgrade affected systems to mitigate potential risks.
Affected: Juniper Networks Session Smart Router (SSR), Session Smart Conductor, WAN Assurance Managed Routers
Keypoints :
- Critical vulnerability allows administrative control of SSR devices through authentication bypass.
- Patch available for multiple versions; upgrade advised even for devices connected to Mist Cloud.
- Juniper devices frequently targeted in attacks, highlighting the urgency of applying security updates.