Out-of-bounds Read Vulnerability in Juniper Networks Junos OS and Junos OS Evolved
CVE-2025-21598
Key Information:
- Vendor: Juniper Networks
- CVE Published: 9 January 2025
What is CVE-2025-21598?
CVE-2025-21598 is an Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved. It exists within the routing protocol daemon (rpd) and allows unauthenticated, network-based attackers to send malformed Border Gateway Protocol (BGP) packets to affected devices, specifically those configured with packet receive trace options. If exploited, this can lead to a crash of the routing protocol daemon, potentially disrupting network services and affecting the overall integrity and availability of the organization’s network infrastructure.
Technical Details
This vulnerability affects specific versions of Junos OS ranging from 21.2R3-S8 to 24.2R2 and Junos OS Evolved from 21.4R3-S7-EVO to 24.2R1-EVO. To exploit this vulnerability, an attacker must establish a BGP session and send crafted packets that exploit the handling of incoming data. The impact can propagate through multiple Autonomous Systems (ASes), affecting both internal (iBGP) and external (eBGP) BGP sessions, as well as IPv4 and IPv6 protocols. Indicators of compromise include log entries reporting malformed update messages, which may signal attempts to exploit the vulnerability.
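An added example, not code from Juniper or from the original page: a Python audit that scans `show configuration | display set` output for active BGP traceoptions that record received packets, the configuration precondition described above. The set of flags treated as receive-side, the function names and the sample configuration are assumptions constructed for illustration.

```python
# Assumption: flags that log received BGP packets. "packets" is the option the
# page names; "all" is included because it turns on every trace flag.
RECEIVE_FLAGS = {"packets", "all"}
SCOPES = {"logical-systems", "routing-instances"}

def _bgp_trace_flag(path):
    """Return (location, flag, modifiers) for a BGP traceoptions flag path."""
    i = 0
    while i + 1 < len(path) and path[i] in SCOPES:
        i += 2  # skip "<scope keyword> <name>"
    if path[i:i + 2] != ["protocols", "bgp"]:
        return None
    j = i + 2
    while j + 1 < len(path) and path[j] in ("group", "neighbor"):
        j += 2  # skip "group <name>" / "neighbor <address>"
    if path[j:j + 2] != ["traceoptions", "flag"] or len(path) <= j + 2:
        return None
    return " ".join(path[:j]), path[j + 2], set(path[j + 3:])

def find_receive_tracing(config_text):
    """List active BGP trace flags that capture received packets."""
    rows = [ln.split() for ln in config_text.splitlines() if ln.strip()]
    inactive = [r[1:] for r in rows if r[0] == "deactivate" and len(r) > 1]
    findings = []
    for r in rows:
        parsed = _bgp_trace_flag(r[1:]) if r[0] == "set" else None
        if parsed is None:
            continue
        location, flag, mods = parsed
        # A flag restricted to "send" does not trace inbound packets.
        send_only = "send" in mods and "receive" not in mods
        # A deactivate statement disables everything beneath its path.
        disabled = any(r[1:len(d) + 1] == d for d in inactive)
        if flag in RECEIVE_FLAGS and not send_only and not disabled:
            findings.append((location, flag))
    return findings

# Constructed sample in `show configuration | display set` form.
SAMPLE_CONFIG = """\
set protocols bgp traceoptions file bgp-trace size 10m
set protocols bgp traceoptions flag packets receive
set protocols bgp group EDGE neighbor 192.0.2.1 traceoptions flag packets send
set routing-instances CUST-A protocols bgp group PE traceoptions flag all detail
set protocols bgp group LAB traceoptions flag packets
deactivate protocols bgp group LAB traceoptions
"""

if __name__ == "__main__":
    print(find_receive_tracing(SAMPLE_CONFIG))
```

Each finding names the hierarchy level where receive-side tracing is active, which is where tracing can be removed or deactivated until a fixed release is installed.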
Potential Impact of CVE-2025-21598
- Service Disruption: The most immediate impact is the potential for network outages as the routing protocol daemon crashes, disrupting network functionality and communications.
- Network Integrity Risks: By exploiting this vulnerability, attackers could compromise the integrity of BGP sessions, potentially allowing them to manipulate routing information, which could lead to further vulnerabilities and attacks on the network.
- Propagation of Attack Vectors: Since the vulnerability can facilitate the spread of malformed packets across interconnected networks, it significantly increases the risk of similar or further exploit attempts, thereby widening the attack surface across different organizational boundaries.
News Articles

Juniper Networks Vulnerability Let Remote Attacker Execute Network Attacks
Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms.
Timeline
- 📰 First article discovered by GBHackers News
- Vulnerability published