Juniper Networks has released an emergency update to address a severe vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

The security issue is tracked as CVE-2025-21589 and an attacker could exploit it to take full control of the device.

This issue affects:

Session Smart Router:

• from 5.6.7 before 5.6.17;
• from 6.0.8;
• from 6.1 before 6.1.12-lts;
• from 6.2 before 6.2.8-lts;
• from 6.3 before 6.3.3-r2;

Session Smart Conductor: 

• from 5.6.7 before 5.6.17;
• from 6.0.8;
• from 6.1 before 6.1.12-lts;
• from 6.2 before 6.2.8-lts;
• from 6.3 before 6.3.3-r2;

WAN Assurance Router: 

• from 5.6.7 before 5.6.17;
• from 6.0.8;
• from 6.1 before 6.1.12-lts;
• from 6.2 before 6.2.8-lts;
• from 6.3 before 6.3.3-r2;

Additional information about vulnerabilities and updates can be found at Juniper Networks security advisory – juniper.net