Protection Mechanism Failure in Junos OS by Juniper Networks
CVE-2025-52951

6.9MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 11 July 2025

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-52951?

A vulnerability in the kernel filter processing of Juniper Networks' Junos OS enables attackers to bypass firewall filtering by sending specific IPv6 traffic to an interface. A flaw in how the 'payload-protocol' match is handled results in the acceptance of all packets, regardless of other filtering rules. This issue affects several versions of Junos OS and is a more comprehensive fix for a prior vulnerability previously published.

Affected Version(s)

Junos OS 0 < 21.2R3-S9

Junos OS 21.4 < 21.4R3-S11

Junos OS 22.2 < 22.2R3-S7

References

https://supportportal.juniper.net/JSA100055

vendor-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 11, 2025
Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jun 23, 2025