Denial of Service Vulnerability in Juniper Networks Junos OS Routing Protocol Daemon
CVE-2025-21597

6 MEDIUM

Key Information:

Vendor
CVE Published: 9 April 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved can be exploited by an unauthenticated BGP peer, enabling the attacker to trigger a Denial of Service (DoS). When certain configurations are in place—namely BGP rib-sharding and update-threading—a BGP peer can cause rpd to crash and restart through specific timing of peer flaps. This behavior persists, leading to continuous disruptions in service. The vulnerability affects both eBGP and iBGP implementations for IPv4 and IPv6, requiring at least one established BGP session from the remote attacker, and may impact users with or without logical systems enabled.

Affected Version(s)

Junos OS 0 < 20.4R3-S8

Junos OS 21.2 < 21.2R3-S6

Junos OS 21.3 < 21.3R3-S5
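
The following exposure check is an added example, not code from the advisory or from Juniper: it combines the two conditions in the summary (a release in one of the ranges listed above, and both rib-sharding and update-threading configured). The set-format statement path `system processes routing bgp ...`, the function names and the sample configuration are assumptions not taken from this page, and only version strings of the form `NN.NRn-Sn` are parsed.

```python
import re

# Affected ranges exactly as listed on this page: (release train, first fixed release).
# A train of None stands for the page's "0 < ..." entry (every earlier release).
AFFECTED = [(None, "20.4R3-S8"), ("21.2", "21.2R3-S6"), ("21.3", "21.3R3-S5")]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")
# Assumption: set-format path of the two features named in the summary.
FEATURE_RE = re.compile(
    r"^set\s.*\bsystem processes routing bgp (rib-sharding|update-threading)\b",
    re.M,
)

def parse_version(text):
    """Return (major, minor, R, S) for strings such as '21.2R3-S5.4'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported Junos version format: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_in_listed_range(version):
    """True if the release is older than the fixed release of a listed range."""
    v = parse_version(version)
    for train, fixed in AFFECTED:
        f = parse_version(fixed)
        same_train = train is None or v[:2] == f[:2]
        if same_train and v < f:
            return True
    return False

def enabled_features(config_text):
    """Names of the two relevant features found in a set-format configuration."""
    return set(FEATURE_RE.findall(config_text))

def is_exposed(version, config_text):
    """Both conditions from the summary: listed version and both features configured."""
    both = enabled_features(config_text) == {"rib-sharding", "update-threading"}
    return version_in_listed_range(version) and both

# Constructed sample configuration (set format), not taken from a real device.
SAMPLE_CONFIG = """\
set system host-name lab-r1
set system processes routing bgp rib-sharding number-of-shards 4
set system processes routing bgp update-threading
set protocols bgp group PEERS neighbor 192.0.2.1 peer-as 64500
"""

if __name__ == "__main__":
    for ver in ("20.4R3-S7", "21.2R3-S6", "21.3R2", "21.2R3-S5.4"):
        print(ver, is_exposed(ver, SAMPLE_CONFIG))
```

Releases outside the three listed ranges are reported as not affected because the check uses only the ranges shown on this page.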

CVSS V4

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
