cbcvebase.
CVE-2025-52980
published 2025-07-11

CVE-2025-52980: A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated…

high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUYRAVXREMUX
A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6. This issue affects: Junos OS: * 22.1 versions from 22.1R1 before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Affected

14 ranges
VendorProductVersion rangeFixed in
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos_os
junipersrx_series
juniper_networksjunos_os>= 22.2 < 22.2R3-S422.2R3-S4
juniper_networksjunos_os>= 22.3 < 22.3R3-S322.3R3-S3
juniper_networksjunos_os>= 22.4 < 22.4R3-S222.4R3-S2
juniper_networksjunos_os>= 23.2 < 23.2R223.2R2
juniper_networksjunos_os>= 23.4 < 23.4R223.4R2
msrcazl3_rubygem-elasticsearch_8.9.0-1_on_azure_linux_3.0
msrccbl2_rubygem-elasticsearch_8.3.0-1_on_cbl_mariner_2.0