CVE-2025-59962
Severity
6.0 MEDIUM
EPSS
0.0%
top 95.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 9
Description
An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to cause rpd to crash and restart, leading to a Denial of Service (DoS).
With BGP sharding enabled, triggering route resolution of an indirect next-hop (e.g., an IGP route change over which a BGP route gets resolved), may cause…
CVSS vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Affected Packages: 4 packages
Vulnerability Details
GHSA
GHSA-qpxp-m556-4mcr: An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP shard… (2025-10-09)
CVEList
Junos OS and Junos OS Evolved: With BGP sharding enabled, change in indirect next-hop can cause RPD crash (2025-10-09)
Vendor Advisories
Juniper
CVE-2025-59962: An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP shard… (2025-10-09)