CVE-2025-52951

CWE-6934 documents4 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 75.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 11

Description

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being supported, causing any term containing it to accept all packets without taking any other action. In essence, these firewall filter terms were being processed as a

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.421.4R3-S11+7
NVDjuniper/junos< 21.2+8

🔴Vulnerability Details

2
CVEList
Junos OS: IPv6 firewall filter fails to match payload-protocol2025-07-11
GHSA
GHSA-wgx4-f5ch-j468: A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic to an in2025-07-11

📋Vendor Advisories

1
Juniper
CVE-2025-52951: A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined2025-07-11
CVE-2025-52951 (MEDIUM CVSS 6.9) | A Protection Mechanism Failure vuln | cvebase.io