Juniper Networks Junos OS vulnerabilities

659 known vulnerabilities affecting juniper_networks/junos_os.

Total CVEs: 659
CISA KEV: 7 (actively exploited)
Public exploits: 4
Exploited in wild: 6
Severity breakdown: CRITICAL 34, HIGH 352, MEDIUM 273

Vulnerabilities

Page 4 of 33
CVE-2025-52953 | HIGH | CVSS 7.1 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S11; +6 more | 2025-07-11
CWE-440. An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained
Sources: cvelistv5, nvd
CVE-2025-52980 | HIGH | CVSS 8.7 | ≥ 22.2, < 22.2R3-S4; ≥ 22.3, < 22.3R3-S3; +3 more | 2025-07-11
CWE-198. A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute,
Sources: cvelistv5, nvd
CVE-2025-52989 | MEDIUM | CVSS 6.8 | fixed in 22.2R3-S7; ≥ 22.4, < 22.4R3-S7; +4 more | 2025-07-11
CWE-140. An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part
Sources: cvelistv5, nvd
CVE-2025-52986 | MEDIUM | CVSS 6.8 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S11; +6 more | 2025-07-11
CWE-401. A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain
Sources: cvelistv5, nvd
CVE-2025-52963 | MEDIUM | CVSS 6.8 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S11; +6 more | 2025-07-11
CWE-284. An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS:
Sources: cvelistv5, nvd
CVE-2025-6549 | MEDIUM | CVSS 6.9 | fixed in 21.4R3-S9; ≥ 22.2, < 22.2R3-S5; +4 more | 2025-07-11
CWE-863. An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over
Sources: cvelistv5, nvd
CVE-2025-52958 | MEDIUM | CVSS 6.0 | fixed in 22.2R3-S6; ≥ 22.4, < 22.4R3-S6; +3 more | 2025-07-11
CWE-617. A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead t
Sources: cvelistv5, nvd
CVE-2025-52951 | MEDIUM | CVSS 5.3 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S11; +6 more | 2025-07-11
CWE-693. Junos OS: IPv6 firewall filter fails to match payload-protocol. A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being sup
Sources: cvelistv5
CVE-2025-30644 | HIGH | CVSS 7.7 | fixed in 21.4R3-S9; ≥ 22.2, < 22.2R3-S5; +4 more | 2025-04-09
CWE-122. A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued
Sources: cvelistv5, nvd
CVE-2025-30648 | HIGH | CVSS 7.1 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S10; +5 more | 2025-04-09
CWE-20. An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes,
Sources: cvelistv5, nvd
CVE-2025-30656 | HIGH | CVSS 8.7 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S10; +5 more | 2025-04-09
CWE-167. An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corru
Sources: cvelistv5, nvd
CVE-2025-30658 | HIGH | CVSS 8.7 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S10; +5 more | 2025-04-09
CWE-401. A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client re
Sources: cvelistv5, nvd
CVE-2025-30649 | HIGH | CVSS 8.7 | fixed in 22.2R3-S6; ≥ 22.4, < 22.4R3-S4; +3 more | 2025-04-09
CWE-20. An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing
Sources: cvelistv5, nvd
CVE-2025-21591 | HIGH | CVSS 7.1 | ≥ 23.1, < 23.2R2-S3; ≥ 23.4, < 23.4R2-S3; +1 more | 2025-04-09
CWE-805. A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets usin
Sources: cvelistv5, nvd
CVE-2025-30660 | HIGH | CVSS 8.7 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S8; +4 more | 2025-04-09
CWE-754. An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traff
Sources: cvelistv5, nvd
CVE-2025-30646 | HIGH | CVSS 7.1 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S10; +5 more | 2025-04-09
CWE-195. A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt
Sources: cvelistv5, nvd
CVE-2025-21594 | HIGH | CVSS 8.7 | fixed in 21.2R3-S8; ≥ 21.4, < 21.4R3-S7; +6 more | 2025-04-09
CWE-754. An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and pref
Sources: cvelistv5, nvd
CVE-2025-21595 | HIGH | CVSS 7.1 | fixed in 21.2R3-S7; ≥ 21.4, < 21.4R3-S4; +3 more | 2025-04-09
CWE-401. A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific A
Sources: cvelistv5, nvd
CVE-2025-30645 | HIGH | CVSS 8.7 | fixed in 21.2R3-S9; ≥ 21.4, < 21.4R3-S9; +4 more | 2025-04-09
CWE-476. A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sust
Sources: cvelistv5, nvd
CVE-2025-30659 | HIGH | CVSS 8.7 | ≥ 21.4R1, < 21.4*; ≥ 22.2, < 22.2R3-S6; +4 more | 2025-04-09
CWE-130. An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash
Sources: cvelistv5, nvd
Juniper Networks Junos OS vulnerabilities | cvebase