csaf_certbund - wid-sec-w-2025-0552

WID-SEC-W-2025-0552

Vulnerability from csaf_certbund - Published: 2025-03-12 23:00 - Updated: 2025-03-13 23:00

Summary

Juniper JUNOS: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Juniper JUNOS ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Juniper JUNOS ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0552 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0552.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0552 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0552"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin vom 2025-03-12",
        "url": "https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory vom 2025-03-12",
        "url": "https://supportportal.juniper.net/s/article/2025-03-Reference-Advisory-The-RedPenguin-Malware-Incident?language=en_US"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2025-03-13T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-14T09:14:19.735+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0552",
      "initial_release_date": "2025-03-12T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-03-13T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: JSA95385"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c21.2R3-S9",
                "product": {
                  "name": "Juniper JUNOS \u003c21.2R3-S9",
                  "product_id": "T041877"
                }
              },
              {
                "category": "product_version",
                "name": "21.2R3-S9",
                "product": {
                  "name": "Juniper JUNOS 21.2R3-S9",
                  "product_id": "T041877-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:21.2r3-s9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c21.4R3-S10",
                "product": {
                  "name": "Juniper JUNOS \u003c21.4R3-S10",
                  "product_id": "T041878"
                }
              },
              {
                "category": "product_version",
                "name": "21.4R3-S10",
                "product": {
                  "name": "Juniper JUNOS 21.4R3-S10",
                  "product_id": "T041878-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:21.4r3-s10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c22.4R3-S6",
                "product": {
                  "name": "Juniper JUNOS \u003c22.4R3-S6",
                  "product_id": "T041880"
                }
              },
              {
                "category": "product_version",
                "name": "22.4R3-S6",
                "product": {
                  "name": "Juniper JUNOS 22.4R3-S6",
                  "product_id": "T041880-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:22.4r3-s6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c23.4R2-S4",
                "product": {
                  "name": "Juniper JUNOS \u003c23.4R2-S4",
                  "product_id": "T041883"
                }
              },
              {
                "category": "product_version",
                "name": "23.4R2-S4",
                "product": {
                  "name": "Juniper JUNOS 23.4R2-S4",
                  "product_id": "T041883-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:23.4r2-s4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c24.2R1-S2",
                "product": {
                  "name": "Juniper JUNOS \u003c24.2R1-S2",
                  "product_id": "T041884"
                }
              },
              {
                "category": "product_version",
                "name": "24.2R1-S2",
                "product": {
                  "name": "Juniper JUNOS 24.2R1-S2",
                  "product_id": "T041884-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:24.2r1-s2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c24.2R2",
                "product": {
                  "name": "Juniper JUNOS \u003c24.2R2",
                  "product_id": "T041885"
                }
              },
              {
                "category": "product_version",
                "name": "24.2R2",
                "product": {
                  "name": "Juniper JUNOS 24.2R2",
                  "product_id": "T041885-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:24.2r2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-21590",
      "product_status": {
        "known_affected": [
          "T041880",
          "T041878",
          "T041877",
          "T041885",
          "T041884",
          "T041883"
        ]
      },
      "release_date": "2025-03-12T23:00:00.000+00:00",
      "title": "CVE-2025-21590"
    }
  ]
}

CVE-2025-21590 (GCVE-0-2025-21590)

Vulnerability from cvelistv5 – Published: 2025-03-12 13:59 – Updated: 2025-10-21 22:55

Summary

An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

6.7 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-653 - Improper Isolation or Compartmentalization

Assigner

juniper

References

URL

Tags

	https://supportportal.juniper.net/JSA93446	vendor-advisory
	https://cloud.google.com/blog/topics/threat-intel…	third-party-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 0 , < 21.2R3-S9 (semver) Affected: 21.4 , < 21.4R3-S10 (semver) Affected: 22.2 , < 22.2R3-S6 (semver) Affected: 22.4 , < 22.4R3-S6 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S4 (semver) Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver)

Credits

Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this issue. Note: Amazon found the issue during internal security research and not due to exploitation.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21590",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T03:55:21.999597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21590"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:23.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21590"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-13T00:00:00+00:00",
            "value": "CVE-2025-21590 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S10",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S6",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S6",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S3",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R1-S2, 24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this issue. Note: Amazon found the issue during internal security research and not due to exploitation."
        }
      ],
      "datePublic": "2025-03-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.\u003cbr\u003e\u003cbr\u003eA local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.\u003cbr\u003eThis issue is not exploitable from the Junos CLI.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R1-S2, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.\n\nA local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.\nThis issue is not exploitable from the Junos CLI.\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  All versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S10,\u00a0\n  *  22.2 versions before 22.2R3-S6,\u00a0\n  *  22.4 versions before 22.4R3-S6,\u00a0\n  *  23.2 versions before 23.2R2-S3,\u00a0\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R1-S2, 24.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "At least one instance of malicious exploitation has been reported to the Juniper SIRT. Customers are encouraged to upgrade to a fixed release as soon as it\u0027s available and in the meantime take steps to mitigate this vulnerability."
            }
          ],
          "value": "At least one instance of malicious exploitation has been reported to the Juniper SIRT. Customers are encouraged to upgrade to a fixed release as soon as it\u0027s available and in the meantime take steps to mitigate this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-06T08:00:02.011Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA93446"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\u003c/p\u003e\n\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\u003cp\u003ePlease note that this issue is not fixed for all platforms in the releases specified in the solution section.\u003c/p\u003e\n\u003cp\u003eFor the following products the fix is only available in these releases:\u003c/p\u003e\n\u003cp\u003eSRX300 Series\u2003\u0026nbsp; 21.2R3-S9, 23.4R2-S5*, 24.4R1\u003c/p\u003e\n\u003cp\u003eSRX550HM\u2003\u2003\u2003 22.2R3-S7*\u003c/p\u003e\n\u003cp\u003eEX4300 Series \u0026nbsp; \u0026nbsp; 21.4R3-S11*  (except EX4300-48MP which has fixes available as indicated in the solution)\u003c/p\u003e\n\u003cp\u003eEX4600  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 21.4R3-S11*  (except EX4650 which has fixes available as indicated in the solution)\u003c/p\u003e\n\u003cp\u003eACX1000, ACX1100, ACX2100, ACX2200, ACX4000,\u003c/p\u003e\n\u003cp\u003eACX500  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;21.2R3-S9\u003c/p\u003e\n\u003cp\u003eMX104  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 21.2R3-S9\u003c/p\u003e\n\u003cp\u003e* Future Release\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\n\n\n\u00a0\n\n\nPlease note that this issue is not fixed for all platforms in the releases specified in the solution section.\n\n\nFor the following products the fix is only available in these releases:\n\n\nSRX300 Series\u2003\u00a0 21.2R3-S9, 23.4R2-S5*, 24.4R1\n\n\nSRX550HM\u2003\u2003\u2003 22.2R3-S7*\n\n\nEX4300 Series \u00a0 \u00a0 21.4R3-S11*  (except EX4300-48MP which has fixes available as indicated in the solution)\n\n\nEX4600  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 21.4R3-S11*  (except EX4650 which has fixes available as indicated in the solution)\n\n\nACX1000, ACX1100, ACX2100, ACX2200, ACX4000,\n\n\nACX500  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a021.2R3-S9\n\n\nMX104  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 21.2R3-S9\n\n\n* Future Release"
        }
      ],
      "source": {
        "advisory": "JSA93446",
        "defect": [
          "1838460",
          "1872010"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-03-12T14:00:00.000Z",
          "value": "Initial Publication"
        },
        {
          "lang": "en",
          "time": "2025-03-12T15:16:00.000Z",
          "value": "Corrected hotlinks for CVSS assessments"
        },
        {
          "lang": "en",
          "time": "2025-03-14T14:00:00.000Z",
          "value": "Rephrased sentences on Amazon involvement to reduce the chance for confusion"
        },
        {
          "lang": "en",
          "time": "2025-04-09T08:17:00.000Z",
          "value": "Updated solution section to clarify which platforms are not fixed in all but only in specific releases"
        },
        {
          "lang": "en",
          "time": "2025-04-14T07:15:00.000Z",
          "value": "For the products/platforms specifically mentioned in the solution section: Please note that Junos OS version 21.2R3-S9.20, which was made available last week, does not address the issue completely. We\u0027ll publish an updated version with the complete fix and update this advisory as soon as possible."
        },
        {
          "lang": "en",
          "time": "2025-05-06T08:00:00.000Z",
          "value": "For the products/platforms specifically mentioned in the solution section: Please note that Junos OS version 21.2R3-S9.21 has been publish with the complete fix."
        }
      ],
      "title": "Junos OS: An local attacker with shell access can execute arbitrary code",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "It is strongly recommended to mitigate the risk of exploitation by restricting shell access to trusted users only.\n\n\u003cbr\u003e"
            }
          ],
          "value": "It is strongly recommended to mitigate the risk of exploitation by restricting shell access to trusted users only."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-21590",
    "datePublished": "2025-03-12T13:59:43.038Z",
    "dateReserved": "2024-12-26T14:47:11.667Z",
    "dateUpdated": "2025-10-21T22:55:23.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-0552

CVE-2025-21590 (GCVE-0-2025-21590)

Tags

Sightings

Nomenclature