Denial of Service Vulnerability in Junos OS by Juniper Networks
CVE-2025-30652

6.8 MEDIUM

Key Information:

Vendor
CVE Published: 9 April 2025

Badges

👾 Exploit Exists

Summary

A vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial of Service (DoS). Executing the 'show route as-path' CLI command while asregex-optimized is configured crashes and restarts rpd. Repeating the command sustains the DoS condition, disrupting network operations and potentially affecting the availability of critical services. The issue affects multiple versions of both Junos OS and Junos OS Evolved, so affected systems should be updated promptly.

Affected Version(s)

Junos OS 0 < 21.2R3-S9

Junos OS 21.4 < 21.4R3-S10

Junos OS 22.2 < 22.2R3-S6

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
