Juniper Junos OS up to 23.4R1 on SRX flowd null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Juniper Junos OS up to 23.4R1 on SRX. It has been rated as critical. Affected by this issue is some unknown functionality of the component flowd. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-30645. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.
Details
A vulnerability, which was classified as critical, has been found in Juniper Junos OS up to 23.4R1 on SRX. This issue affects an unknown function of the component flowd. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. The summary by CVE is:
A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2.
It is possible to read the advisory at supportportal.juniper.net. The identification of this vulnerability is CVE-2025-30645 since 03/24/2025. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 234088 (Juniper Junos OS Vulnerability (JSA96455)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3 or 23.4R2 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (234088). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.juniper.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 7.5
CNA Vector (juniper): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 234088
Nessus Name: Juniper Junos OS Vulnerability (JSA96455)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Junos OS 21.2R3-S9/21.4R3-S9/22.2R3-S5/22.4R3-S6/23.2R2-S3/23.4R2
Timeline
03/24/2025 🔍04/09/2025 🔍
04/09/2025 🔍
01/26/2026 🔍
Sources
Vendor: juniper.netAdvisory: JSA96455
Status: Confirmed
CVE: CVE-2025-30645 (🔍)
GCVE (CVE): GCVE-0-2025-30645
GCVE (VulDB): GCVE-100-304283
Entry
Created: 04/09/2025 22:29Updated: 01/26/2026 22:31
Changes: 04/09/2025 22:29 (84), 04/10/2025 04:32 (2), 01/26/2026 22:31 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.