Improper Handling of Exceptional Conditions in Junos OS on Juniper Networks Devices
CVE-2025-21596

5.5MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos OS
Vendor: CVE Published:; 9 January 2025

🔔 Create Juniper Networks Vulnerability Alert

What is CVE-2025-21596?

A vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows an authenticated local attacker with low privileges to execute the 'show chassis environment pem' command. This results in the chassis daemon (chassisd) crashing and restarting, thereby causing a temporary Denial of Service. Continuously executing this command may lead to the chassisd process failing to restart, which severely disrupts packet processing on the affected systems. Users must be aware of the versions impacted to mitigate risks associated with this vulnerability.

References

https://supportportal.juniper.net/JSA92864

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025