NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS
CVE-2025-52984

8.2HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 11 July 2025

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-52984?

A NULL Pointer Dereference vulnerability exists in the routing protocol daemon (rpd) of Juniper Networks’ Junos OS and Junos OS Evolved. This flaw allows unauthenticated attackers to exploit the availability of network devices by triggering a crash when specific gNMI queries are processed for static routes that point to a reject next hop. As a result, the rpd crashes and the device subsequently restarts, leading to potential service disruptions.

Affected Version(s)

Junos OS 0 < 21.2R3-S9

Junos OS 21.4 < 21.4R3-S10

Junos OS 22.2 < 22.2R3-S6

References

https://supportportal.juniper.net/JSA100090

vendor-advisory

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jul 11, 2025
Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jun 23, 2025