Vulnerability-Lookup

CVE-2025-52980 (GCVE-0-2025-52980)

Vulnerability from cvelistv5 – Published: 2025-07-11 15:08 – Updated: 2025-07-15 19:55

Title

Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message

Summary

A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6. This issue affects: Junos OS: * 22.1 versions from 22.1R1 before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

CWE

CWE-198 - Use of Incorrect Byte Ordering

Assigner

juniper

References

URL

Tags

https://supportportal.juniper.net/JSA100084

vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R2 (semver) Unaffected: 0 , < 22.1R1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T16:05:20.829508Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T19:55:48.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX300 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.2R3-S4",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue the device needs to be configure to process incoming domain-path-id attributes via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... domain-path-id receive ]\u003cbr\u003e\n\n\u003c/tt\u003e\u003cbr\u003ePlease note that Junos versions before\u0026nbsp;22.3R3-S3, 22.4R3, 22.4R3-S1, 23.2R2, 23.3R2 and 23.4R1 accept this attribute by default."
            }
          ],
          "value": "To be exposed to this issue the device needs to be configure to process incoming domain-path-id attributes via:\n\n[ protocols bgp ... domain-path-id receive ]\n\n\n\nPlease note that Junos versions before\u00a022.3R3-S3, 22.4R3, 22.4R3-S1, 23.2R2, 23.3R2 and 23.4R1 accept this attribute by default."
        }
      ],
      "datePublic": "2025-07-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Use of Incorrect Byte Ordering \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\n\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial-of-Service (DoS)\u003c/span\u003e.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eWhen a\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(251, 251, 251);\"\u003eBGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects eBGP and iBGP over IPv4 and IPv6.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.1 versions from 22.1R1 before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Use of Incorrect Byte Ordering \n\nvulnerability \n\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nWhen a\u00a0BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\n\nThis issue affects eBGP and iBGP over IPv4 and IPv6.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  22.1 versions from 22.1R1 before 22.2R3-S4,\n  *  22.3 versions before 22.3R3-S3,\n  *  22.4 versions before 22.4R3-S2,\n  *  23.2 versions before 23.2R2,\n  *  23.4 versions before 23.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-198",
              "description": "CWE-198 Use of Incorrect Byte Ordering",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T15:08:15.638Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA100084"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA100084",
        "defect": [
          "1784353"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-52980",
    "datePublished": "2025-07-11T15:08:15.638Z",
    "dateReserved": "2025-06-23T18:23:44.545Z",
    "dateUpdated": "2025-07-15T19:55:48.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52980\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-11T16:05:20.829508Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T16:05:23.012Z\"}}], \"cna\": {\"title\": \"Junos OS: SRX300 Series: rpd will crash upon receiving a specific, valid BGP UPDATE message\", \"source\": {\"defect\": [\"1784353\"], \"advisory\": \"JSA100084\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 8.7, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.3\", \"lessThan\": \"22.3R3-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R3-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"22.1R1\", \"versionType\": \"semver\"}], \"platforms\": [\"SRX300 Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\nJunos OS: 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R2, 24.2R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2025-07-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA100084\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Use of Incorrect Byte Ordering \\n\\nvulnerability \\n\\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\\n\\n\\n\\nWhen a\\u00a0BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\\n\\nThis issue affects eBGP and iBGP over IPv4 and IPv6.\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS:\\n\\n\\n\\n  *  22.1 versions from 22.1R1 before 22.2R3-S4,\\n  *  22.3 versions before 22.3R3-S3,\\n  *  22.4 versions before 22.4R3-S2,\\n  *  23.2 versions before 23.2R2,\\n  *  23.4 versions before 23.4R2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Use of Incorrect Byte Ordering \\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003evulnerability \u003c/span\u003e\\n\\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDenial-of-Service (DoS)\u003c/span\u003e.\u003cbr\u003e\u003cbr\u003e\\n\\n\u003cp\u003eWhen a\u0026nbsp;\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u003cspan style=\\\"background-color: rgb(251, 251, 251);\\\"\u003eBGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eThis issue affects eBGP and iBGP over IPv4 and IPv6.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.1 versions from 22.1R1 before 22.2R3-S4,\u003c/li\u003e\u003cli\u003e22.3 versions before 22.3R3-S3,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S2,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-198\", \"description\": \"CWE-198 Use of Incorrect Byte Ordering\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be exposed to this issue the device needs to be configure to process incoming domain-path-id attributes via:\\n\\n[ protocols bgp ... domain-path-id receive ]\\n\\n\\n\\nPlease note that Junos versions before\\u00a022.3R3-S3, 22.4R3, 22.4R3-S1, 23.2R2, 23.3R2 and 23.4R1 accept this attribute by default.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be exposed to this issue the device needs to be configure to process incoming domain-path-id attributes via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... domain-path-id receive ]\u003cbr\u003e\\n\\n\u003c/tt\u003e\u003cbr\u003ePlease note that Junos versions before\u0026nbsp;22.3R3-S3, 22.4R3, 22.4R3-S1, 23.2R2, 23.3R2 and 23.4R1 accept this attribute by default.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-07-11T15:08:15.638Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52980\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-15T19:55:48.095Z\", \"dateReserved\": \"2025-06-23T18:23:44.545Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-07-11T15:08:15.638Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0583

Vulnerability from certfr_avis - Published: 2025-07-10 - Updated: 2025-07-10

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Apstra	Apstra versions antérieures à 6.0.0
Juniper Networks	Security Director	Security Director versions antérieures à 24.4.1-1703
Juniper Networks	CTPView	CTPview versions antérieures à 9.3R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.4R3-S7-EVO, 22.2R3-S6-EVO, 22.2R3-S7-EVO, 22.3R3-S3-EVO, 22.4R3-S5-EVO, 22.4R3-S6-EVO, 22.4R3-S7-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S3-EVO, 23.2R2-S4-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S4-EVO, 23.4R2-S5-EVO, 24.2R1-EVO, 24.2R2-EVO, 24.2R2-S1-EVO, 24.4R1-EVO, 24.4R1-S2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.1R1-EVO et 25.2R1-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9, 21.4R3-S10, 21.4R3-S11, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.2R3-S1, 22.2R3-S4, 22.2R3-S5, 22.2R3-S6, 22.2R3-S7, 22.3R3-S3, 22.4R2, 22.4R3-S2, 22.4R3-S5, 22.4R3-S6, 22.4R3-S7, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S3, 23.2R2-S4, 23.4R1-S2, 23.4R2, 23.4R2-S3, 23.4R2-S4, 23.4R2-S5, 24.2R1, 24.2R1-S1, 24.2R1-S2, 24.2R2, 24.2R2-S1, 24.4R1, 24.4R1-S2, 24.4R1-S3, 24.4R2 et 25.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks CVE-2025-52988	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52963	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52958	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52985	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52986	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2024-3596	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52989	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52981	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52983	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52946	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52954	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52953	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52947	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52949	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks 2025-07-Security-Bulletin-Juniper-Apstra-Multiple-Vulnerabilities-resolved-in-Intel-microcode-package	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-26466	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52955	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52952	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-30661	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52951	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52984	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52948	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52964	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52982	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52950	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52980	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-6549	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks 2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397	2025-07-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apstra versions ant\u00e9rieures \u00e0 6.0.0",
      "product": {
        "name": "Apstra",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director versions ant\u00e9rieures \u00e0 24.4.1-1703",
      "product": {
        "name": "Security Director",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPview versions ant\u00e9rieures \u00e0 9.3R2",
      "product": {
        "name": "CTPView",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO, 22.2R3-S6-EVO, 22.2R3-S7-EVO, 22.3R3-S3-EVO, 22.4R3-S5-EVO, 22.4R3-S6-EVO, 22.4R3-S7-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S3-EVO, 23.2R2-S4-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S4-EVO, 23.4R2-S5-EVO, 24.2R1-EVO, 24.2R2-EVO, 24.2R2-S1-EVO, 24.4R1-EVO, 24.4R1-S2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.1R1-EVO et 25.2R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9, 21.4R3-S10, 21.4R3-S11, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.2R3-S1, 22.2R3-S4, 22.2R3-S5, 22.2R3-S6, 22.2R3-S7, 22.3R3-S3, 22.4R2, 22.4R3-S2, 22.4R3-S5, 22.4R3-S6, 22.4R3-S7, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S3, 23.2R2-S4, 23.4R1-S2, 23.4R2, 23.4R2-S3, 23.4R2-S4, 23.4R2-S5, 24.2R1, 24.2R1-S1, 24.2R1-S2, 24.2R2, 24.2R2-S1, 24.4R1, 24.4R1-S2, 24.4R1-S3, 24.4R2 et 25.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-52984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52984"
    },
    {
      "name": "CVE-2020-10136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10136"
    },
    {
      "name": "CVE-2024-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23918"
    },
    {
      "name": "CVE-2024-21820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21820"
    },
    {
      "name": "CVE-2025-52950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52950"
    },
    {
      "name": "CVE-2025-52983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52983"
    },
    {
      "name": "CVE-2025-52952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52952"
    },
    {
      "name": "CVE-2025-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52963"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    },
    {
      "name": "CVE-2024-23984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23984"
    },
    {
      "name": "CVE-2025-52986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52986"
    },
    {
      "name": "CVE-2025-52988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52988"
    },
    {
      "name": "CVE-2025-52949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52949"
    },
    {
      "name": "CVE-2025-6549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6549"
    },
    {
      "name": "CVE-2025-52954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52954"
    },
    {
      "name": "CVE-2024-7595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7595"
    },
    {
      "name": "CVE-2025-52947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52947"
    },
    {
      "name": "CVE-2025-52958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52958"
    },
    {
      "name": "CVE-2025-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52964"
    },
    {
      "name": "CVE-2025-52946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52946"
    },
    {
      "name": "CVE-2024-21853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21853"
    },
    {
      "name": "CVE-2025-52951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52951"
    },
    {
      "name": "CVE-2025-23019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23019"
    },
    {
      "name": "CVE-2025-52955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52955"
    },
    {
      "name": "CVE-2025-23018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23018"
    },
    {
      "name": "CVE-2025-52948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52948"
    },
    {
      "name": "CVE-2025-52981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52981"
    },
    {
      "name": "CVE-2024-24968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24968"
    },
    {
      "name": "CVE-2025-52953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52953"
    },
    {
      "name": "CVE-2025-52985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52985"
    },
    {
      "name": "CVE-2025-52989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52989"
    },
    {
      "name": "CVE-2025-52980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52980"
    },
    {
      "name": "CVE-2025-52982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52982"
    },
    {
      "name": "CVE-2025-30661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30661"
    }
  ],
  "initial_release_date": "2025-07-10T00:00:00",
  "last_revision_date": "2025-07-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0583",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52988",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Privilege-escalation-via-CLI-command-request-system-logout-CVE-2025-52988"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52963",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-A-low-privileged-user-can-disable-an-interface-CVE-2025-52963"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52958",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-route-validation-is-enabled-BGP-connection-establishment-failure-causes-RPD-crash-CVE-2025-52958"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52985",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-When-a-control-plane-firewall-filter-refers-to-a-prefix-list-with-more-then-10-entries-it-s-not-matching-CVE-2025-52985"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52986",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-RIB-sharding-is-configured-each-time-a-show-command-is-executed-RPD-memory-leaks-CVE-2025-52986"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2024-3596",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Vulnerability-in-the-RADIUS-protocol-for-Subscriber-Management-Blast-RADIUS-CVE-2024-3596"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52989",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Annotate-configuration-command-can-be-used-for-privilege-escalation-CVE-2025-52989"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52981",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2025-52981"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52983",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-After-removing-ssh-public-key-authentication-root-can-still-log-in-CVE-2025-52983"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52946",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-traceoptions-enabled-receipt-of-malformed-AS-PATH-causes-RPD-crash-CVE-2025-52946"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52954",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-A-low-privileged-user-can-execute-CLI-commands-and-modify-the-configuration-compromise-the-system-CVE-2025-52954"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52953",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-unauthenticated-adjacent-attacker-sending-a-valid-BGP-UPDATE-packet-forces-a-BGP-session-reset-CVE-2025-52953"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52947",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-ACX-Series-When-hot-standby-mode-is-configured-for-an-L2-circuit-interface-flap-causes-the-FEB-to-crash"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52949",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-environment-receipt-of-a-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-52949"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-07-Security-Bulletin-Juniper-Apstra-Multiple-Vulnerabilities-resolved-in-Intel-microcode-package",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Juniper-Apstra-Multiple-Vulnerabilities-resolved-in-Intel-microcode-package"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-26466",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-CTPView-OpenSSH-vulnerability-CVE-2025-26466-resolved-in-9-3R2-release"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52955",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-When-jflow-sflow-is-enabled-receipt-of-specific-route-updates-causes-rpd-crash-CVE-2025-52955"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52952",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC-BUILTIN-MPC-1-through-MPC-9-Receipt-and-processing-of-a-malformed-packet-causes-one-or-more-FPCs-to-crash-CVE-2025-52952"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-30661",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Low-privileged-user-can-cause-script-to-run-as-root-leading-to-privilege-escalation-CVE-2025-30661"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52951",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-IPv6-firewall-filter-fails-to-match-payload-protocol-CVE-2025-52951"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52984",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-a-static-route-points-to-an-unreachable-next-hop-and-a-gNMI-query-for-this-route-is-processed-RPD-crashes-CVE-2025-52984"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52948",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Specific-unknown-traffic-pattern-causes-FPC-and-system-to-crash-when-packet-capturing-is-enabled-CVE-2025-52948"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52964",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-BGP-UPDATE-causes-an-rpd-crash-on-devices-with-BGP-multipath-configured-CVE-2025-52964"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52982",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-When-specific-SIP-packets-are-processed-the-MS-MPC-will-crash-CVE-2025-52982"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52950",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-multiple-endpoints-in-web-interface-CVE-2025-52950"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52980",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX300-Series-Upon-receiving-a-specific-valid-BGP-UPDATE-message-rpd-will-crash-CVE-2025-52980"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-6549",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-J-Web-can-be-exposed-on-additional-interfaces-CVE-2025-6549"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397"
    }
  ]
}

GHSA-P6JR-6CRG-PFCJ

Vulnerability from github – Published: 2025-07-11 18:30 – Updated: 2025-07-11 18:30

Details

A Use of Incorrect Byte Ordering

vulnerability

in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.

This issue affects eBGP and iBGP over IPv4 and IPv6.

This issue affects:

Junos OS:

22.1 versions from 22.1R1 before 22.2R3-S4,
22.3 versions before 22.3R3-S3,
22.4 versions before 22.4R3-S2,
23.2 versions before 23.2R2,
23.4 versions before 23.4R2.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-52980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-198"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-11T16:15:24Z",
    "severity": "HIGH"
  },
  "details": "A Use of Incorrect Byte Ordering \n\nvulnerability \n\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nWhen a\u00a0BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\n\nThis issue affects eBGP and iBGP over IPv4 and IPv6.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  22.1 versions from 22.1R1 before 22.2R3-S4,\n  *  22.3 versions before 22.3R3-S3,\n  *  22.4 versions before 22.4R3-S2,\n  *  23.2 versions before 23.2R2,\n  *  23.4 versions before 23.4R2.",
  "id": "GHSA-p6jr-6crg-pfcj",
  "modified": "2025-07-11T18:30:33Z",
  "published": "2025-07-11T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52980"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA100084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-52980

Vulnerability from fkie_nvd - Published: 2025-07-11 16:15 - Updated: 2026-01-23 19:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA100084	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.1
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.3
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	22.4
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.2
juniper	junos	23.4
juniper	junos	23.4
juniper	junos	23.4
juniper	junos	23.4
juniper	srx300	-
juniper	srx320	-
juniper	srx340	-
juniper	srx345	-
juniper	srx380	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "19326769-2F08-4E61-8246-CCE7AE4483F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
              "matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8494546C-00EA-49B6-B6FA-FDE42CA5B1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8B74AC3E-8FC9-400A-A176-4F7F21F10756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Use of Incorrect Byte Ordering \n\nvulnerability \n\nin the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nWhen a\u00a0BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.\n\nThis issue affects eBGP and iBGP over IPv4 and IPv6.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  22.1 versions from 22.1R1 before 22.2R3-S4,\n  *  22.3 versions before 22.3R3-S3,\n  *  22.4 versions before 22.4R3-S2,\n  *  23.2 versions before 23.2R2,\n  *  23.4 versions before 23.4R2."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ordenamiento incorrecto de bytes en el daemon de protocolo de enrutamiento (rpd) del sistema operativo Junos de Juniper Networks en la serie SRX300 permite que un atacante no autenticado basado en la red provoque una denegaci\u00f3n de servicio (DoS). Cuando se recibe una actualizaci\u00f3n de BGP a trav\u00e9s de una sesi\u00f3n BGP establecida que contiene un atributo de ruta transitiva espec\u00edfico, v\u00e1lido y opcional, el rpd se bloquea y se reinicia. Este problema afecta a eBGP e iBGP sobre IPv4 e IPv6. Este problema afecta a: Junos OS: * versiones 22.1 a partir de 22.1R1 anteriores a 22.2R3-S4, * versiones 22.3 anteriores a 22.3R3-S3, * versiones 22.4 anteriores a 22.4R3-S2, * versiones 23.2 anteriores a 23.2R2, * versiones 23.4 anteriores a 23.4R2."
    }
  ],
  "id": "CVE-2025-52980",
  "lastModified": "2026-01-23T19:37:52.567",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "AUTOMATIC",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-11T16:15:24.647",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA100084"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-198"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-52980 (GCVE-0-2025-52980)

CERTFR-2025-AVI-0583

Solutions

GHSA-P6JR-6CRG-PFCJ

FKIE_CVE-2025-52980

Tags

Sightings

Nomenclature