Improper Check for Unusual Conditions in Junos OS on MX Series by Juniper Networks
CVE-2025-21594

8.7HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 9 April 2025

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the packet forwarding engine of Junos OS on MX Series that can lead to Denial of Service (DoS) conditions. Specifically, in scenarios involving DS-Lite and NAT, when specially crafted IPv6 traffic is processed with a prefix-length set to 56, affected ports may not be released as expected. This situation can prevent users from establishing new connections, necessitating a manual restart of the affected FPC/PIC for recovery. Notably, this issue impacts multiple versions of Junos OS, with specific versions listed for users to ensure their systems are safeguarded.

Affected Version(s)

Junos OS MX Series 0 < 21.2R3-S8

Junos OS MX Series 21.4 < 21.4R3-S7

Junos OS MX Series 22.1 < 22.1R3-S6

References

https://supportportal.juniper.net/JSA96449

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 9, 2025
Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Dec 26, 2024