Improper Resource Shutdown in Juniper Networks Junos OS on MX Series Devices
CVE-2025-52982

8.2HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 11 July 2025

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-52982?

An improper resource shutdown or release vulnerability exists in the SIP ALG of Juniper Networks' Junos OS when used with MX Series devices that include MS-MPC. This flaw enables an unauthenticated, network-based attacker to trigger a sequence of SIP call events that can crash and restart the MS-MPC module, leading to significant disruption of services. The issue specifically impacts configurations with two or more service sets processing SIP calls, resulting in potential service interruptions. Affected versions include those prior to 21.2R3-S9, certain 21.4 versions from 21.4R1, 22.2 versions before 22.2R3-S6, and 22.4 versions before 22.4R3-S6. Subsequent releases of Junos OS do not exhibit this vulnerability.

Affected Version(s)

Junos OS MX Series 0 < 21.2R3-S9

Junos OS MX Series 21.4 < 21.4*

Junos OS MX Series 22.2 < 22.2R3-S6

References

https://supportportal.juniper.net/JSA100088

vendor-advisory

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 11, 2025
Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jun 23, 2025