Expired Pointer Dereference Vulnerability in Junos OS by Juniper Networks
CVE-2025-30653

6 MEDIUM

Key Information:

Vendor
CVE Published: 9 April 2025

Badges

👾 Exploit Exists

Summary

An Expired Pointer Dereference flaw in the Routing Protocol Daemon (rpd) of Junos OS and Junos OS Evolved enables adjacent, unauthenticated attackers to induce Denial of Service (DoS). This issue occurs in systems configured with node-link protection and specific transport classes. When an MPLS Label-Switched Path (LSP) experiences flapping, rpd may crash and restart. Prolonged LSP flapping can lead to a continuous state of Denial of Service, significantly disrupting network operations.

Affected Version(s)

Junos OS 0 < 22.2R3-S4

Junos OS 22.4 < 22.4R3-S2

Junos OS 23.2 < 23.2R2

CVSS V4

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
