Juniper Junos vulnerabilities
749 known vulnerabilities affecting juniper/junos.
Total CVEs: 749
CISA KEV: 7 (actively exploited)
Public exploits: 10
Exploited in wild: 7
Severity breakdown: CRITICAL 42, HIGH 390, MEDIUM 315, LOW 2
Vulnerabilities
CVE-2025-52960 | HIGH | CVSS 8.2 | CWE-120 | fixed in 22.4 | v22.4 +3 more | 2025-10-09
A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While
nvd
CVE-2025-60004 | HIGH | CVSS 8.7 | CWE-754 | v23.4, v24.2 +1 more | 2025-10-09
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS).
When an affected system receives a specific BGP EVPN update message over an established BGP session, this cau
nvd
CVE-2025-59957 | HIGH | CVSS 7.0 | CWE-346 | fixed in 21.4 | v21.4 +1 more | 2025-10-09
An Origin Validation Error vulnerability in an insufficiently protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete control of the system.
When a device isn't configured with a root password, an attacker can modify
nvd
CVE-2025-59964 | HIGH | CVSS 8.7 | CWE-908 | v24.4 | 2025-10-09
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to
nvd
CVE-2025-60010 | MEDIUM | CVSS 5.3 | CWE-262 | fixed in 22.4 | v22.4 +4 more | 2025-10-09
A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change.
Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the p
nvd
CVE-2025-59962 | MEDIUM | CVSS 6.0 | CWE-824 | fixed in 21.4 | v21.4 +5 more | 2025-10-09
An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to cause rpd to crash and restart, leading to a Denial of Service (DoS).
With
nvd
CVE-2025-59980 | MEDIUM | CVSS 6.9 | CWE-305 | fixed in 22.4 | v22.4 +2 more | 2025-10-09
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device.
When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and th
nvd
CVE-2025-52955 | HIGH | CVSS 7.1 | CWE-131 | fixed in 21.2 | v21.2 +6 more | 2025-07-11
An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash.
When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow
nvd
CVE-2025-52947 | HIGH | CVSS 7.1 | CWE-755 | fixed in 21.2 | v21.2 | 2025-07-11
An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leading to a Denial of Service (DoS).
On ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048,
nvd
CVE-2025-52948 | HIGH | CVSS 8.2 | CWE-755 | fixed in 21.2 | v21.2 +6 more | 2025-07-11
An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart.
BPF provides a raw interface to data link layers in a protocol independent fashion. Interna
nvd
CVE-2025-52949 | HIGH | CVSS 7.1 | CWE-130 | fixed in 21.4 | v21.4 +6 more | 2025-07-11
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this p
nvd
CVE-2025-52984 | HIGH | CVSS 8.2 | CWE-476 | fixed in 21.2 | v21.2 +6 more | 2025-07-11
A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device.
When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts
nvd
CVE-2025-52982 | HIGH | CVSS 8.2 | CWE-404 | fixed in 21.2 | v21.2 +2 more | 2025-07-11
An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence o
nvd
CVE-2025-52988 | HIGH | CVSS 8.4 | CWE-78 | fixed in 21.2 | v21.2 +6 more | 2025-07-11
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges to root.
When a user provides specifically crafted arguments to the 'request system logout' command, these will b
nvd
CVE-2025-52952 | HIGH | CVSS 7.1 | CWE-787 | fixed in 22.2 | v22.2 +1 more | 2025-07-11
An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS).
Continued rec
nvd
CVE-2025-30661 | HIGH | CVSS 8.5 | CWE-732 | v23.2, v23.4 +2 more | 2025-07-11
An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation.
A local user with access to the local file system can copy a script to the router in a way that will be execu
nvd
CVE-2025-52983 | HIGH | CVSS 8.6 | CWE-446 | fixed in 22.2 | v22.2 +4 more | 2025-07-11
A UI Discrepancy for Security Feature vulnerability in the UI of Juniper Networks Junos OS on VM Host systems allows a network-based, unauthenticated attacker to access the device.
On VM Host Routing Engines (RE), even if the configured public key for root has been removed, remote users which are in possession of the corresponding private key can s
nvd
CVE-2025-52980 | HIGH | CVSS 8.7 | CWE-198 | v22.1, v22.3 +3 more | 2025-07-11
A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute,
nvd
CVE-2025-52964 | HIGH | CVSS 7.1 | CWE-617 | fixed in 21.4 | v21.4 +4 more | 2025-07-11
A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a su
nvd
CVE-2025-52981 | HIGH | CVSS 8.7 | fixed in 21.2 | v21.2 +6 more | 2025-07-11
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If a sequence of specific PIM packets is received, this will cause
nvd