CVE-2025-30657
published 2025-04-09CVE-2025-30657: An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated…
medium6.9CVSS 4.0
AVNACLATNPRNUINVCNVINVALSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUYRAVXREMUX
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.
This issue does not affected Junos OS Evolved.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | < 21.2 | 21.2 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper_networks | junos_os | < 21.2R3-S9 | 21.2R3-S9 |
| juniper_networks | junos_os | >= 21.4 < 21.4R3-S10 | 21.4R3-S10 |
| juniper_networks | junos_os | >= 22.2 < 22.2R3-S6 | 22.2R3-S6 |
| juniper_networks | junos_os | >= 22.4 < 22.4R3 | 22.4R3 |
| juniper_networks | junos_os | >= 23.2 < 23.2R1-S2, 23.2R2 | 23.2R1-S2, 23.2R2 |