Vulnerability Management, Network Security, IoT, Patch/Configuration Management

Actively exploited Juniper router vulnerability addressed

Juniper Networks logo

BleepingComputer reports that updates have been issued by Juniper Networks to resolve a medium-severity Junos OS vulnerability impacting several of its routers, tracked as CVE-2025-21590, which was disclosed by Google's Mandiant team to have been exploited by Chinese cyberespionage hacking group UNC3886 to facilitate the deployment of six different TINYSHELL-based backdoors in an attack campaign last year.

"Customers are encouraged to upgrade to a fixed release as soon as it's available and in the meantime take steps to mitigate this vulnerability. While the complete list of resolved platforms is under investigation, it is strongly recommended to mitigate the risk of exploitation by restricting shell access to trusted users only," said Juniper, which noted the security issue to stem from inadequate isolation or compartmentalization.

Such a flaw has also been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the bug by Apr. 3.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds