Use of Incorrect Byte Ordering Vulnerability in Juniper Networks Junos OS on SRX300 Series
CVE-2025-52980
8.7 HIGH
What is CVE-2025-52980?
This vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series potentially allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) condition. When a BGP update carrying a specific valid optional transitive path attribute is received over an established BGP session, rpd can crash and then restart. The issue affects both eBGP and iBGP, over IPv4 and IPv6, so network administrators should promptly address affected versions of the software.
Affected Version(s)
Junos OS SRX300 Series 22.2 < 22.2R3-S4
Junos OS SRX300 Series 22.3 < 22.3R3-S3
Junos OS SRX300 Series 22.4 < 22.4R3-S2
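
An added example, not part of the original advisory or of any Juniper tooling: a Python check that triages an inventory of SRX300 Series version strings against the fixed releases listed above. The version-string shape, the hostnames and the sample inventory are assumptions constructed for illustration; release trains not listed on this page are reported as not listed rather than judged.

```python
import re

# Fixed release per train as (R number, S number), copied from the
# "Affected Version(s)" list above. Anything lower in the same train is affected.
FIXED = {"22.2": (3, 4), "22.3": (3, 3), "22.4": (3, 2)}

# Assumed version shape: <train>R<release>[-S<service>][.<spin>], e.g. 22.4R3-S2.5
_VERSION = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return (train, (release, service)) or None if the string is not understood."""
    m = _VERSION.match(version.strip())
    if not m:
        return None
    train, rel, svc = m.groups()
    return train, (int(rel), int(svc or 0))  # no -S suffix sorts before -S1


def status(version):
    """Classify one version string against the ranges listed on this page."""
    parsed = parse(version)
    if parsed is None:
        return "unparsed"      # review by hand, do not assume safe
    train, build = parsed
    fixed = FIXED.get(train)
    if fixed is None:
        return "not-listed"    # this page says nothing about the train
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are illustrative).
    sample = {
        "branch-fw-01": "22.2R3-S3",
        "branch-fw-02": "22.2R3-S4.2",
        "branch-fw-03": "22.4R2-S1",
        "branch-fw-04": "23.2R1",
    }
    for host, result in sorted(triage(sample).items()):
        print(f"{host}: {result}")
```

Hosts reported as `unparsed` or `not-listed` need manual review against the vendor advisory.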