CVE-2025-30652 in Junos OS
Summary
by MITRE • 04/09/2025
An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).
When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition. This issue affects Junos OS:
* All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2.
and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO, * from 22.4-EVO before 22.4R3-S6-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/29/2026
The vulnerability identified as CVE-2025-30652 represents a critical improper handling of exceptional conditions within the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved platforms. This flaw manifests when the asregex-optimized configuration parameter is enabled alongside the specific "show route as-path" command execution through the command line interface. The technical root cause stems from inadequate exception management during processing of routing information, leading to abrupt daemon termination and subsequent automatic restart cycles that disrupt normal network operations.
The operational impact of this vulnerability extends beyond simple service interruption to create sustained denial of service conditions that can severely compromise network availability and stability. Attackers exploiting this weakness can repeatedly execute the targeted CLI command to maintain continuous disruption of routing services, making this particularly dangerous in production environments where routing consistency is paramount. The vulnerability affects multiple version streams across different Junos OS releases, indicating a widespread exposure that requires comprehensive remediation across affected deployments.
Security practitioners should recognize this issue as aligning with CWE-703, which encompasses improper handling of exceptional conditions in software systems. The attack vector involves a local, low-privileged user executing specific CLI commands, making it accessible to users with basic operational permissions. This characteristic places the vulnerability within the ATT&CK framework's privilege escalation and denial of service categories, specifically mapping to techniques involving service interruption and system resource exhaustion. The rpd daemon's critical role in routing operations means that any disruption directly impacts network connectivity and forwarding decisions.
Mitigation strategies should prioritize immediate patching of affected systems to versions containing the necessary fixes, with particular attention to the specified release thresholds for both traditional Junos OS and Junos OS Evolved variants. Network administrators should implement monitoring solutions to detect repeated execution of the vulnerable CLI commands and establish automated alerting for unusual daemon restart patterns. Additionally, temporary configuration changes to disable asregex-optimized functionality where possible can serve as a compensating control while permanent patches are deployed. The vulnerability's nature as a DoS condition underscores the importance of maintaining redundant routing paths and implementing proper failover mechanisms to minimize impact during remediation activities.