Juniper Networks Junos OS Evolved vulnerabilities

244 known vulnerabilities affecting juniper_networks/junos_os_evolved.

Total CVEs: 244
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 146, MEDIUM 96

Vulnerabilities

Page 3 of 13
CVE-2025-21595 | HIGH | CVSS 7.1 | fixed in 21.2R3-S7-EVO; ≥ 21.4-EVO, < 21.4R3-S4-EVO; +3 more | 2025-04-09
CVE-2025-21595 [HIGH] CWE-401 A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific A
cvelistv5, nvd
CVE-2025-30651 | HIGH | CVSS 8.7 | fixed in 21.2R3-S9-EVO; ≥ 21.4-EVO, < 21.4R3-S10-EVO; +4 more | 2025-04-09
CVE-2025-30651 [HIGH] CWE-805 A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd cras
cvelistv5, nvd
CVE-2025-21597 | MEDIUM | CVSS 6.0 | fixed in 21.2R3-S6-EVO; ≥ 21.3-EVO, < 21.3R3-S5-EVO; +5 more | 2025-04-09
CVE-2025-21597 [MEDIUM] CWE-754 An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when BGP rib-sharding and update-threading are configured, a
cvelistv5, nvd
CVE-2025-30653 | MEDIUM | CVSS 6.0 | fixed in 22.2R3-S4-EVO; ≥ 22.4-EVO, < 22.4R3-S2-EVO; +2 more | 2025-04-09
CVE-2025-30653 [MEDIUM] CWE-825 An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-clas
cvelistv5, nvd
CVE-2025-30655 | MEDIUM | CVSS 6.8 | fixed in 21.2R3-S9-EVO; ≥ 21.4-EVO, < 21.4R3-S8-EVO; +4 more | 2025-04-09
CVE-2025-30655 [MEDIUM] CWE-754 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash a
cvelistv5, nvd
CVE-2025-30654 | MEDIUM | CVSS 6.8 | fixed in 21.4R3-S10-EVO; ≥ 22.2-EVO, < 22.2R3-S6-EVO; +3 more | 2025-04-09
CVE-2025-30654 [MEDIUM] CWE-200 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific show mgd command, a user with limited permissions
cvelistv5, nvd
CVE-2025-30652 | MEDIUM | CVSS 6.8 | fixed in 21.2R3-S9-EVO; ≥ 21.4-EVO, < 21.4R3-S10-EVO; +5 more | 2025-04-09
CVE-2025-30652 [MEDIUM] CWE-755 An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS). When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd
cvelistv5, nvd
CVE-2024-39564 | HIGH | CVSS 8.7 | ≥ 22.4, < 22.4R3-S3-EVO | 2025-02-05
CVE-2024-39564 [HIGH] CWE-415 Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates m
cvelistv5
CVE-2025-21598 | HIGH | CVSS 8.2 | ≥ 21.4R3-S7-EVO, < 21.4R3-S9-EVO; ≥ 22.2R3-S4-EVO, < 22.2R3-S5-EVO; +5 more | 2025-01-09
CVE-2025-21598 [HIGH] CWE-125 An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS: * from 21.2R3-S8 before 21.2R3-S9, * from 2
cvelistv5, nvd
CVE-2025-21599 | HIGH | CVSS 8.7 | ≥ 22.4-EVO, < 22.4R3-S5-EVO; ≥ 23.2-EVO, < 23.2R2-S2-EVO; +2 more | 2025-01-09
CVE-2025-21599 [HIGH] CWE-401 A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaus
cvelistv5, nvd
CVE-2025-21600 | HIGH | CVSS 8.7 | ≥ 21.4-EVO, < 21.4R3-S9-EVO; ≥ 22.2-EVO, < 22.2R3-S5-EVO; +5 more | 2025-01-09
CVE-2025-21600 [HIGH] CWE-125 Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BG
cvelistv5
CVE-2025-21602 | HIGH | CVSS 7.1 | ≥ 21.4, < 21.4R3-S9-EVO; ≥ 22.2, < 22.2R3-S5-EVO; +5 more | 2025-01-09
CVE-2025-21602 [HIGH] CWE-755 An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet
cvelistv5, nvd
CVE-2025-21593 | HIGH | CVSS 7.1 | fixed in 21.2R3-S9-EVO; ≥ 21.4-EVO, < 21.4R3-S10-EVO; +5 more | 2025-01-09
CVE-2025-21593 [HIGH] CWE-664 An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet whi
cvelistv5, nvd
CVE-2024-47491 | HIGH | CVSS 8.2 | fixed in 21.4R3-S8-EVO; ≥ 22.2, < 22.2R3-S4-EVO; +3 more | 2024-10-11
CVE-2024-47491 [HIGH] CWE-755 An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a BGP UPDATE with malformed path attribute is received over an established BGP session, rpd crashes and restarts. C
cvelistv5, nvd
CVE-2024-39547 | HIGH | CVSS 8.7 | fixed in 21.4R3-S7-EVO; ≥ 22.2-EVO, < 22.2R3-S4-EVO; +3 more | 2024-10-11
CVE-2024-39547 [HIGH] CWE-755 An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine (RE) to cause a CPU-based Denial of Service (DoS). If specially crafted TCP traffic is received by the control p
cvelistv5, nvd
CVE-2024-47490 | HIGH | CVSS 7.7 | fixed in 21.4R3-S9-EVO; ≥ 22.2-EVO, < 22.2R3-S4-EVO; +4 more | 2024-10-11
CVE-2024-47490 [HIGH] CWE-923 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS
cvelistv5, nvd
CVE-2024-47509 | HIGH | CVSS 7.1 | ≥ 21.4, < 21.4R2-EVO; ≥ 22.1, < 22.1R2-EVO | 2024-10-11
CVE-2024-47509 [HIGH] CWE-770 Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #3
An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (D
cvelistv5
CVE-2024-47495 | HIGH | CVSS 8.4 | fixed in 21.2R3-S8-EVO; ≥ 21.4-EVO, < 21.4R3-S8-EVO; +5 more | 2024-10-11
CVE-2024-47495 [HIGH] CWE-639 An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices. This issue affects: Juniper Networks Junos OS Evolved with dual-REs: * All versions before 21.2R3-S8-EVO
cvelistv5, nvd
CVE-2024-47502 | HIGH | CVSS 8.7 | fixed in 21.4R3-S9-EVO; ≥ 22.2, < 22.2R3-S4-EVO; +3 more | 2024-10-11
CVE-2024-47502 [HIGH] CWE-770 An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing n
cvelistv5, nvd
CVE-2024-47498 | HIGH | CVSS 7.1 | fixed in 21.4R3-S8-EVO; ≥ 22.2-EVO, < 22.2R3-S5-EVO; +2 more | 2024-10-11
CVE-2024-47498 [HIGH] An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Several configuration statements meant to enforce limits on MAC learning and moves can be configured but do not take effect. This can lead to control plan
cvelistv5, nvd