CVE-2025-21595

CWE-401Memory Leak4 documents4 sources
Severity
7.1HIGH
EPSS
0.1%
top 77.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Juniper Networks Junos OSJuniper Networks Junos OS EvolvedJuniper Junos+1 more
Timeline
PublishedApr 9

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually lea

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages4 packages

CVEListV5juniper_networks/junos_os_evolved21.4-EVO21.4R3-S4-EVO+4
CVEListV5juniper_networks/junos_os21.421.4R3-S4+4
NVDjuniper/junos< 21.2+5

🔴Vulnerability Details

2
CVEList
Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause FPC to crash2025-04-09
GHSA
GHSA-7fvw-hrgg-4cr6: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evo2025-04-09

📋Vendor Advisories

1
Juniper
CVE-2025-21595: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evo2025-04-09
CVE-2025-21595 (HIGH CVSS 7.1) | A Missing Release of Memory after E | cvebase.io