Juniper Junos OS/Junos OS Evolved prior 24.4R2 Routing Protocol Daemon length parameter
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.3 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in Juniper Junos OS and Junos OS Evolved. This impacts an unknown function of the component Routing Protocol Daemon. Performing a manipulation results in length parameter. This vulnerability is cataloged as CVE-2025-52949. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Juniper Junos OS and Junos OS Evolved. It has been classified as critical. This affects an unknown functionality of the component Routing Protocol Daemon. The manipulation with an unknown input leads to a length parameter vulnerability. CWE is classifying the issue as CWE-130. The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. This is going to have an impact on availability. The summary by CVE is:
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Only systems configured for Ethernet Virtual Private Networking (EVPN) signaling are vulnerable to this issue. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects: Junos OS: * all versions before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S5-EVO, * from 24.2-EVO before 24.2R2-S1-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.
The advisory is shared at supportportal.juniper.net. This vulnerability is uniquely identified as CVE-2025-52949 since 06/23/2025. The exploitability is told to be easy. The attack can only be done within the local network. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 241652 (Juniper Junos OS Vulnerability (JSA100053)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, 24.2R2-S1, 24.4R1-S3 or 24.4R2 eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (241652) and CERT Bund (WID-SEC-2025-1519). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Juniper MX Series
- Juniper JUNOS
- Juniper SRX Series
- Juniper Security Director
- Juniper Junos Space
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.juniper.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.3
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.5
CNA Vector (juniper): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Length parameterCWE: CWE-130 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 241652
Nessus Name: Juniper Junos OS Vulnerability (JSA100053)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Junos OS/Junos OS Evolved 21.4R3-S11/22.2R3-S7/22.4R3-S7/23.2R2-S4/23.4R2-S5/24.2R2-S1/24.4R1-S3/24.4R2
Timeline
06/23/2025 CVE reserved07/11/2025 Advisory disclosed
07/11/2025 VulDB entry created
01/24/2026 VulDB entry last update
Sources
Vendor: juniper.netAdvisory: JSA100053
Status: Confirmed
CVE: CVE-2025-52949 (🔒)
GCVE (CVE): GCVE-0-2025-52949
GCVE (VulDB): GCVE-100-316149
CERT Bund: WID-SEC-2025-1519 - Juniper JUNOS: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Entry
Created: 07/11/2025 20:17Updated: 01/24/2026 06:03
Changes: 07/11/2025 20:17 (81), 07/12/2025 08:17 (2), 10/12/2025 02:22 (7), 01/24/2026 06:03 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.