Heap-based Buffer Overflow in Juniper Networks Junos OS on Multiple EX and QFX Series Devices
CVE-2025-30644

7.7HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 9 April 2025

Badges

👾 Exploit Exists

Summary

A heap-based buffer overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS can be exploited by an attacker sending a malformed DHCP packet to the device. This can cause the FPC to crash and restart, leading to a Denial of Service (DoS) condition. In certain rare circumstances, memory corruption may occur when DHCP Option 82 is enabled. This could not only cause the FPC to crash but might also provide an opportunity for remote code execution, giving the attacker complete control over the compromised device. The vulnerability affects several versions of Junos OS across different EX and QFX series devices.

Affected Version(s)

Junos OS EX2300 0 < 21.4R3-S9

Junos OS EX2300 22.2 < 22.2R3-S5

Junos OS EX2300 22.4 < 22.4R3-S5

References

https://supportportal.juniper.net/JSA96453

vendor-advisory

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

👾
Exploit known to exist
Apr 9, 2025
Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Mar 24, 2025