CVE-2025-52964

CWE-617 — Reachable Assertion4 documents4 sources

Severity

7.1HIGH

EPSS

0.0%

top 95.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedJul 11

Description

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attac…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved22.3 — 22.3R3-S3-EVO+4

▶NVDjuniper/junos_os_evolved< 21.4+5

▶CVEListV5juniper_networks/junos_os22.3 — 22.3R3-S3+6

▶NVDjuniper/junos< 21.4+5

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured↗2025-07-11

▶

GHSA

GHSA-jrx6-pjgp-jh2q: A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated,↗2025-07-11

▶

📋Vendor Advisories

Juniper

CVE-2025-52964: A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated,↗2025-07-11

▶