Improper Encoding Vulnerability in Junos OS by Juniper Networks
CVE-2025-30657

6.9 MEDIUM

Key Information:

Status: Vendor
CVE Published: 9 April 2025

Badges

Exploit Exists

Summary

An improper encoding vulnerability exists in the Sampling Route Record Daemon (SRRD) of Junos OS, allowing an unauthenticated, network-based attacker to cause a denial of service. Specifically, when a device configured for flow monitoring receives a malformed BGP update message, the routing protocol daemon (rpd) processes the message correctly, but an encoding error while the route information is passed to the SRRD causes that daemon to crash. Jflow processing is interrupted until the SRRD restarts automatically; traffic forwarding itself is not affected. To mitigate this vulnerability, update to a release that is not affected.

Affected Version(s)

Junos OS: all versions before 21.2R3-S9

Junos OS: 21.4 versions before 21.4R3-S10

Junos OS: 22.2 versions before 22.2R3-S6
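As an added example (not part of this advisory or of any Juniper tooling), a Python check that parses Junos release strings and tests them against the three affected ranges listed above. It assumes the `Junos: <version>` line format of `show version` output, and a version outside those three ranges returns False, mirroring the list on this page rather than any broader guidance.

```python
import re
from typing import NamedTuple, Optional


class JunosVersion(NamedTuple):
    """Ordered components of a Junos release string such as 21.2R3-S9."""
    major: int
    minor: int
    release: int   # the Rn part; 0 when absent (a bare train such as "21.4")
    service: int   # the -Sn part; 0 when absent
    patch: int     # an optional trailing ".n" build number; 0 when absent


_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:R(?P<release>\d+))?(?:-S(?P<service>\d+))?(?:\.(?P<patch>\d+))?$"
)


def parse_junos_version(text: str) -> JunosVersion:
    """Parse a release string into a tuple that compares in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    part = lambda k: int(m.group(k) or 0)
    return JunosVersion(part("major"), part("minor"), part("release"),
                        part("service"), part("patch"))


# The affected ranges exactly as this page lists them: (start, end), where the
# end release is the first fixed one and a start of None means "every release
# before the end".
CVE_2025_30657_RANGES = [
    (None, "21.2R3-S9"),
    ("21.4", "21.4R3-S10"),
    ("22.2", "22.2R3-S6"),
]


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the listed affected ranges."""
    v = parse_junos_version(version)
    for start, end in CVE_2025_30657_RANGES:
        lower_ok = start is None or v >= parse_junos_version(start)
        if lower_ok and v < parse_junos_version(end):
            return True
    return False


def version_from_show_output(output: str) -> Optional[str]:
    """Pull the release from 'show version' text (assumed 'Junos: X' line)."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None
```

`is_affected(version_from_show_output(text))` gives a single yes/no per device when run over collected `show version` output; a ValueError means the string did not look like a release and should be reviewed by hand.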

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved