Buffer Size Calculation Flaw in Junos OS Routing Protocol Daemon
CVE-2025-52955

7.1HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 11 July 2025

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-52955?

A vulnerability in the routing protocol daemon (rpd) of Juniper Networks' Junos OS may allow an adjacent unauthenticated attacker to trigger memory corruption. This issue occurs when a logical interface related to a routing instance flaps continuously, leading to the transmission of specific updates to the jflow/sflow modules, which ultimately destabilizes the rpd. This instability can result in the rpd crashing and automatically restarting, causing a persistent Denial of Service condition when these updates are continually processed.

Affected Version(s)

Junos OS 0 < 21.2R3-S9

Junos OS 21.4 < 21.4*

Junos OS 22.2 < 22.2*

References

https://supportportal.juniper.net/JSA100062

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 11, 2025
Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jun 23, 2025