CVE-2025-30660
published 2025-04-09CVE-2025-30660: An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an…
high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUYRXVXREMUX
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop.
When this issue occurs the following logs can be observed:
MQSS(0): LI-3: Received a parcel with more than 512B accompanying data
CHASSISD_FPC_ASIC_ERROR: ASIC Error detected
This issue affects Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S8,
* 22.2 versions before 22.2R3-S4,
* 22.4 versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S2,
* 23.4 versions before 23.4R2.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | < 21.2 | 21.2 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | mx_series | — | — |
| juniper_networks | junos_os | < 21.2R3-S9 | 21.2R3-S9 |
| juniper_networks | junos_os | >= 21.4 < 21.4R3-S8 | 21.4R3-S8 |
| juniper_networks | junos_os | >= 22.2 < 22.2R3-S4 | 22.2R3-S4 |
| juniper_networks | junos_os | >= 22.4 < 22.4R3-S5 | 22.4R3-S5 |
| juniper_networks | junos_os | >= 23.2 < 23.2R2-S2 | 23.2R2-S2 |
| juniper_networks | junos_os | >= 23.4 < 23.4R2 | 23.4R2 |