CVE-2025-52980

Severity
8.7 HIGH
EPSS
0.1%
top 71.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 11

Description

A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6. This issue affects: Junos OS: * 22.1 versions from 22.1R1 be

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages: 2 packages

CVEListV5 juniper_networks/junos_os 22.2 22.2R3-S4 +4
NVD juniper/junos 5 versions +4

🔴 Vulnerability Details

2
GHSA
GHSA-p6jr-6crg-pfcj: A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthen 2025-07-11
CVEList
Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message 2025-07-11

📋 Vendor Advisories

2
Juniper
CVE-2025-52980: A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauth 2025-07-11
Microsoft
Elasticsearch Uncontrolled Resource Consumption vulnerability 2025-04-08