Out-of-Bounds Write Vulnerability in Juniper Junos OS on MX Series Devices
CVE-2025-52952

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 11 July 2025

Badges

👾 Exploit Exists

What is CVE-2025-52952?

An out-of-bounds write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN and MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to exploit the issue by sending a malformed packet, which can lead to repeated crashes and restarts of the FPC. The result is a prolonged Denial of Service (DoS) condition that affects the overall availability of the device. Continued processing of this packet exacerbates the DoS impact, compromising the reliability of network operations. Note that the affected feature is not enabled by default.

Affected Version(s)

Junos OS MX Series with MPC-BUILTIN 0 < 22.2R3-S1

Junos OS MX Series with MPC-BUILTIN 22.4 < 22.4R2

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
