Juniper Junos OS Evolved prior 24.4R2-EVO /usr/bin/cfmman resource consumption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.3 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Juniper Junos OS Evolved and classified as critical. The affected element is an unknown function of the file /usr/bin/cfmman. Performing a manipulation results in resource consumption. This vulnerability is cataloged as CVE-2025-52961. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.
Details
A vulnerability, which was classified as critical, was found in Juniper Junos OS Evolved. This affects an unknown part of the file /usr/bin/cfmman. The manipulation with an unknown input leads to a resource consumption vulnerability. CWE is classifying the issue as CWE-400. The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. This is going to have an impact on availability. The summary by CVE is:
An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart. Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition. An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory. user@device> show system processes node fpc<num> detail | match cfmman Example: show system processes node fpc0 detail | match cfmman F S UID PID PPID PGID SID C PRI NI ADDR SZ WCHAN RSS PSR STIME TTY TIME CMD 4 S root 15204 1 15204 15204 0 80 0 - 90802 - 113652 4 Sep25 ? 00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016: * from 23.2R1-EVO before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO, * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.
The advisory is shared at supportportal.juniper.net. This vulnerability is uniquely identified as CVE-2025-52961 since 06/23/2025. The exploitability is told to be easy. The attack needs to be done within the local network. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 269751 (Juniper Junos OS Vulnerability (JSA103144)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 23.2R1-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S2-EVO or 24.4R2-EVO eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (269751) and CERT Bund (WID-SEC-2025-2238). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Affected
- Juniper JUNOS
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.juniper.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.3
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.5
CNA Vector (juniper): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Resource consumptionCWE: CWE-400 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 269751
Nessus Name: Juniper Junos OS Vulnerability (JSA103144)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Junos OS Evolved 23.2R1-EVO/23.2R2-S4-EVO/23.4R2-S4-EVO/24.2R2-EVO/24.4R1-S2-EVO/24.4R2-EVO
Timeline
06/23/2025 CVE reserved10/09/2025 Advisory disclosed
10/09/2025 VulDB entry created
01/24/2026 VulDB entry last update
Sources
Vendor: juniper.netAdvisory: JSA103144
Status: Confirmed
CVE: CVE-2025-52961 (🔒)
GCVE (CVE): GCVE-0-2025-52961
GCVE (VulDB): GCVE-100-327729
CERT Bund: WID-SEC-2025-2238 - Juniper JUNOS OS, Space, OS Evolved: Mehrere Schwachstellen
Entry
Created: 10/09/2025 18:36Updated: 01/24/2026 12:05
Changes: 10/09/2025 18:36 (81), 10/09/2025 18:37 (2), 10/09/2025 19:35 (2), 10/09/2025 20:05 (7), 01/24/2026 12:05 (1)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.