Improper Following of Specification by Caller in Junos OS of Juniper Networks Devices
CVE-2025-21601

8.7HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 9 April 2025

Badges

👾 Exploit Exists

Summary

An improper handling of specifications vulnerability in the web management functionalities of Junos OS for Juniper Networks, including J-Web, Captive Portal, and Juniper Secure Connect, enables an unauthenticated network-based attacker to overwhelm the device. By sending targeted traffic, the attack can lead to a situation where the CPU usage escalates to critical levels, ultimately causing the device to become unresponsive. Continuous exploitation leads to a sustained Denial of Service (DoS) condition, severely impacting device performance and reliability.

Affected Version(s)

Junos OS SRX Series 0 < 21.4R3-S9

Junos OS SRX Series 22.2 < 22.2R3-S5

Junos OS SRX Series 22.4 < 22.4R3-S4

References

https://supportportal.juniper.net/JSA96452

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 9, 2025
Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Dec 26, 2024

Credit

Alexander Zielke with VegaSystems GmbH & Co. KG