Juniper Networks has issued a broad set of patches addressing dozens of security vulnerabilities across its product lines, including Junos OS, Junos OS Evolved, and Junos Space, reports SecurityWeek. The update covers multiple components, with 11 high-severity flaws affecting core elements like the packet forwarding engine, routing protocol daemon, and web management interfaces. In many cases, these vulnerabilities could lead to denial-of-service (DoS) conditions. While not all devices are affected, impacted models include EX, MX, and SRX Series platforms, with corresponding updates now available.
Beyond the high-severity bugs, Juniper also fixed 10 medium-severity vulnerabilities, most of which also pose DoS risks. One of the flaws, however, allows for potential information disclosure if exploited by a local, authenticated user via the command-line interface. These vulnerabilities underscore the need for consistent patching and access control, particularly for devices in sensitive or high-availability environments.
Alongside Junos OS updates, the company rolled out Junos Space version 24.1R3, which includes patches for nearly 50 third-party software vulnerabilities, some of which are rated critical. Similar fixes were issued for Junos Space Security Director and CTP View. Juniper has not reported active exploitation for most of these issues but encourages customers to check the support portal for full details and apply updates as soon as practical.
Separately, Juniper revised an earlier advisory related to CVE-2025-21590—a kernel vulnerability in Junos OS involving improper compartmentalization. While a patch has been issued for many platforms, some devices are still awaiting targeted fixes in upcoming updates. Juniper has acknowledged at least one instance of malicious exploitation of this vulnerability, highlighting the urgency for customers to upgrade or implement temporary mitigations where applicable.
