Juniper Networks Junos OS Evolved vulnerabilities
244 known vulnerabilities affecting juniper_networks/junos_os_evolved.
Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96
Vulnerabilities
Page 2 of 13
CVE-2025-52961 [HIGH] CWE-400 | CVSS 7.1 | ≥ 23.2R1-EVO, < 23.2R2-S4-EVO; ≥ 23.4-EVO, < 23.4R2-S4-EVO; +2 more | 2025-10-09
An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
An attacker on
cvelistv5, nvd
CVE-2025-60004 [HIGH] CWE-754 | CVSS 8.7 | ≥ 23.4R2-S2-EVO, < 23.4R2-S5-EVO; ≥ 24.2R2-EVO, < 24.2R2-S1-EVO; +1 more | 2025-10-09
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS).
When an affected system receives a specific BGP EVPN update message over an established BGP session, this cau
cvelistv5, nvd
CVE-2025-60010 [MEDIUM] CWE-262 | CVSS 5.3 | fixed in 22.4R3-S8-EVO; ≥ 23.2, < 23.2R2-S4-EVO; +3 more | 2025-10-09
A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change.
Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the p
cvelistv5, nvd
CVE-2025-59958 [MEDIUM] CWE-754 | CVSS 6.9 | fixed in 22.4R3-EVO; ≥ 23.2, < 23.2R2-EVO | 2025-10-09
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.
When an output firewall filter is configured with one or more terms where the action is
cvelistv5, nvd
CVE-2025-59962 [MEDIUM] CWE-824 | CVSS 6.0 | ≥ 22.3, < 22.3R3-S3-EVO; ≥ 22.4, < 22.4R3-EVO; +1 more | 2025-10-09
An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the attacker's control, to cause rpd to crash and restart, leading to a Denial of Service (DoS).
With
cvelistv5, nvd
CVE-2025-60006 [MEDIUM] CWE-78 | CVSS 4.8 | ≥ 24.2, < 24.2R2-S2-EVO; ≥ 24.4, < 24.4R2-EVO | 2025-10-09
Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands.
When an attacker executes crafted CLI commands, the options are processed via a script in some cas
cvelistv5, nvd
CVE-2025-52949 [HIGH] CWE-130 | CVSS 7.1 | fixed in 22.2R3-S7-EVO; ≥ 22.4-EVO, < 22.4R3-S7-EVO; +4 more | 2025-07-11
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this p
cvelistv5, nvd
CVE-2025-52964 [HIGH] CWE-617 | CVSS 7.1 | fixed in 21.4R3-S7-EVO; ≥ 22.3, < 22.3R3-S3-EVO; +3 more | 2025-07-11
A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a su
cvelistv5, nvd
CVE-2025-52984 [HIGH] CWE-476 | CVSS 8.2 | fixed in 22.4R3-S7-EVO; ≥ 23.2-EVO, < 23.2R2-S3-EVO; +2 more | 2025-07-11
A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device.
When a static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts
cvelistv5, nvd
CVE-2025-52955 [HIGH] CWE-131 | CVSS 7.1 | fixed in 21.2*-EVO; ≥ 21.4, < 21.4*-EVO; +5 more | 2025-07-11
An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to an rpd crash.
When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow
cvelistv5, nvd
CVE-2025-52946 [HIGH] CWE-416 | CVSS 8.7 | fixed in 22.4R3-S5-EVO; ≥ 23.2-EVO, < 23.2R2-S3-EVO; +2 more | 2025-07-11
Junos OS and Junos OS Evolved: With traceoptions enabled, receipt of malformed AS PATH causes RPD crash
A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malformed AS PATH to cause rpd to crash, resulting in a Denial of
cvelistv5
CVE-2025-52988 [HIGH] CWE-78 | CVSS 8.4 | fixed in 22.4R3-S6-EVO; ≥ 23.2-EVO, < 23.2R2-S1-EVO; +1 more | 2025-07-11
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges to root.
When a user provides specifically crafted arguments to the 'request system logout' command, these will b
cvelistv5, nvd
CVE-2025-52953 [HIGH] CWE-440 | CVSS 7.1 | fixed in 22.2R3-S7-EVO; ≥ 22.4-EVO, < 22.4R3-S7-EVO; +4 more | 2025-07-11
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).
Continuous receipt and processing of this packet will create a sustained
cvelistv5, nvd
CVE-2025-52954 [HIGH] CWE-862 | CVSS 8.5 | fixed in 22.2R3-S7-EVO; ≥ 22.4, < 22.4R3-S7-EVO; +4 more | 2025-07-11
A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise.
Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify t
cvelistv5, nvd
CVE-2025-52989 [MEDIUM] CWE-140 | CVSS 6.8 | fixed in 22.4R3-S7-EVO; ≥ 23.2-EVO, < 23.2R2-S4-EVO; +3 more | 2025-07-11
An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration.
A user with limited configuration and commit permissions, using a specifically crafted annotate configuration command, can change any part
cvelistv5, nvd
CVE-2025-52986 [MEDIUM] CWE-401 | CVSS 6.8 | fixed in 22.2R3-S7-EVO; ≥ 22.4-EVO, < 22.4R3-S7-EVO; +4 more | 2025-07-11
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.
When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain
cvelistv5, nvd
CVE-2025-52985 [MEDIUM] CWE-480 | CVSS 6.9 | ≥ 23.2R2-S3-EVO, < 23.2R2-S4-EVO; ≥ 23.4R2-S3-EVO, < 23.4R2-S5-EVO; +2 more | 2025-07-11
A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions.
When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'from prefix-list', and that prefix list contains more
cvelistv5, nvd
CVE-2025-52958 [MEDIUM] CWE-617 | CVSS 6.0 | fixed in 22.2R3-S6-EVO; ≥ 22.4, < 22.4R3-S6-EVO; +3 more | 2025-07-11
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition during BGP initial session establishment can lead t
cvelistv5, nvd
CVE-2025-30648 [HIGH] CWE-20 | CVSS 7.1 | ≥ 22.4, < 22.4R3-S6-EVO; ≥ 23.2, < 23.2R2-S3-EVO; +2 more | 2025-04-09
An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS).
When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes,
cvelistv5, nvd
CVE-2025-30646 [HIGH] CWE-195 | CVSS 7.1 | fixed in 21.4R3-S10-EVO; ≥ 22.2-EVO, < 22.2R3-S6-EVO; +4 more | 2025-04-09
A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt
cvelistv5, nvd