CVE-2025-52964
published 2025-07-11
high 7.1 (CVSS 4.0)
AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition.
For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from an established BGP peer.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-EVO,
* from 23.4 before 23.4R2-EVO.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | < 21.4 | 21.4 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | junos_os_evolved | < 21.4 | 21.4 |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper | junos_os_evolved | — | — |
| juniper_networks | junos_os | < 21.4R3-S7 | 21.4R3-S7 |
| juniper_networks | junos_os | >= 22.1 < 22.1* | 22.1* |
| juniper_networks | junos_os | >= 22.2 < 22.2* | 22.2* |
| juniper_networks | junos_os | >= 22.3 < 22.3R3-S3 | 22.3R3-S3 |
| juniper_networks | junos_os | >= 22.4 < 22.4R3-S5 | 22.4R3-S5 |
| juniper_networks | junos_os | >= 23.2 < 23.2R2 | 23.2R2 |
| juniper_networks | junos_os | >= 23.4 < 23.4R2 | 23.4R2 |
| juniper_networks | junos_os_evolved | < 21.4R3-S7-EVO | 21.4R3-S7-EVO |
| juniper_networks | junos_os_evolved | >= 22.3 < 22.3R3-S3-EVO | 22.3R3-S3-EVO |
| juniper_networks | junos_os_evolved | >= 22.4 < 22.4R3-S5-EVO | 22.4R3-S5-EVO |
| juniper_networks | junos_os_evolved | >= 23.2 < 23.2R2-EVO | 23.2R2-EVO |
| juniper_networks | junos_os_evolved | >= 23.4 < 23.4R2-EVO | 23.4R2-EVO |
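
An added example, not part of the advisory or of Juniper's tooling: a Python exposure check that applies the affected-release list and the configuration precondition above to a release string and `display set` style configuration text. Assumptions: release strings look like `22.4R3-S5.1` or `23.4R2-EVO`, trains the list does not name are treated as affected when older than 23.4 and as fixed when newer, and the sample configuration lines are constructed.

```python
import re

# Fixed release per train as (R, S), copied from the advisory's affected list.
FIXED = {(21, 4): (3, 7), (22, 3): (3, 3), (22, 4): (3, 5),
         (23, 2): (2, 0), (23, 4): (2, 0)}
KNOB = "pause-computation-during-churn"  # precondition named in the advisory

# Matches e.g. 22.4R3-S5, 22.4R3-S5.1, 23.2R1.13, 23.4R2-EVO
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$")


def parse(version):
    """Return ((major, minor), (R, S)) for a Junos / Junos Evolved release string."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)


def version_affected(version):
    """True when the release is older than the fixed release for its train."""
    train, release = parse(version)
    if train in FIXED:
        return release < FIXED[train]
    if train > max(FIXED):
        # Assumption: trains newer than 23.4 are not listed, so treated as fixed.
        return False
    # Older than 21.4, or an unlisted train in between (22.1, 22.2, ...):
    # no fixed release is given for it, so treat every release as affected.
    return True


def exposed(version, config_set_lines):
    """Affected release AND the multipath knob present in 'display set' text."""
    knob_on = any(line.strip().startswith("set ") and KNOB in line.split()
                  for line in config_set_lines.splitlines())
    return version_affected(version) and knob_on


# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
set protocols bgp group EXAMPLE type external
set protocols bgp group EXAMPLE multipath pause-computation-during-churn
"""

if __name__ == "__main__":
    for v in ("21.4R3-S6", "22.2R3-S4", "22.4R3-S5.1", "23.2R1.13", "23.4R2-EVO"):
        print(v, "exposed" if exposed(v, SAMPLE_CONFIG) else "not exposed")
```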