{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13914", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-12-02T17:48:47.280Z", "datePublished": "2026-04-09T21:32:14.834Z", "dateUpdated": "2026-04-09T21:32:14.834Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apstra", "vendor": "Juniper Networks", "versions": [{"lessThan": "6.1.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank the Federal Office for Information Security (BSI) for responsibly reporting this vulnerability."}], "datePublic": "2026-04-08T10:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, M<span style=\"background-color: rgb(255, 255, 255);\">ITM </span>\n\nattacker to impersonate managed devices.<br><br>Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.<br><br>This issue affects all versions of&nbsp;Apstra before 6.1.1."}], "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM \n\nattacker to impersonate managed devices.\n\nDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\n\nThis issue affects all versions of\u00a0Apstra before 6.1.1."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/R:U/RE:M", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-322", "description": "CWE-322 Key Exchange without Entity Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:32:14.834Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107862"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following\nsoftware releases have been updated to resolve this specific issue:&nbsp;Apstra 6.1.1, and all subsequent releases.<br>"}], "value": "The following\nsoftware releases have been updated to resolve this specific issue:\u00a0Apstra 6.1.1, and all subsequent releases."}], "source": {"advisory": "JSA107862", "defect": ["AOS-56131"], "discovery": "EXTERNAL"}, "title": "Apstra: SSH host key validation vulnerability for managed devices", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM \n\nattacker to impersonate managed devices.\n\nDue to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials.\n\nThis issue affects all versions of\u00a0Apstra before 6.1.1."}], "id": "CVE-2025-13914", "lastModified": "2026-04-09T22:16:22.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:22.697", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107862"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-322"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.1.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Apstra", "source": "cna", "vendor": "Juniper Networks"}, "product": "apstra", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-10T00:24:35.471802+00:00", "value": {"mitigation_remediation": ["Upgrade Apstra to version 6.1.1 or later to apply the vendor patch that resolves the SSH host key validation flaw.", "No known workaround available."], "summary": {"action": "Immediate Patch", "impact": "Impersonation of Managed Devices via SSH MitM"}, "threat_synthesis": {"affected_systems": "The flaw affects every Apstra release prior to 6.1.1. Systems running 6.1.1 or any later release are not vulnerable. This includes all versions deployed by Juniper Networks customers for device management.", "description_and_impact": "Juniper Networks Apstra contains a Key Exchange without Entity Authentication flaw in its SSH implementation that allows an unauthenticated attacker to perform a man-in-the-middle on the connections between Apstra and its managed devices. The lack of proper host key validation lets the attacker impersonate a managed device and capture credentials transmitted over SSH. The vulnerability is classified as CWE-322, reflecting the absence of safe authentication in the key exchange process.", "risk_and_exploitability": "The CVSS v3.1 score of 7.0 denotes high severity, but EPSS data is not available and the issue is not listed in the CISA KEV catalog. The attack requires the ability to intercept network traffic between Apstra and its target devices; an unauthenticated attacker who can position themselves in that path can execute a MitM and impersonate the device. Because the vulnerability is network-based and does not require privileged access to Apstra, the likelihood of exploitation in exposed environments remains a significant threat."}}}}, "created": "2026-04-10T08:37:00.263649+00:00", "updated": "2026-04-10T09:27:57.921351+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$apstra"]}