Untrusted Pointer Dereference Vulnerability in Juniper Networks Junos OS
CVE-2025-59959

6.8MEDIUM

Key Information:

Vendor: Juniper Networks
Status: Junos Os; Junos Os Evolved
Vendor: CVE Published:; 15 January 2026

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-59959?

An untrusted pointer dereference vulnerability within Juniper Networks’ routing protocol daemon (rpd) can be exploited by a local, authenticated attacker with limited privileges. When executing the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail', the presence of certain attributes in the intended output may trigger a crash and restart of the rpd, leading to service disruption. To mitigate this issue, users are advised to upgrade to the latest versions of Junos OS and Junos OS Evolved.

Affected Version(s)

Junos OS 0 < 22.4R3-S8

Junos OS 23.2 < 23.2R2-S5

Junos OS 23.4 < 23.4R2-S5

References

https://supportportal.juniper.net/

vendor-advisory

https://kb.juniper.net/JSA103148

vendor-advisory

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jan 15, 2026
Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Sep 23, 2025

CVE-2025-59959 Data

JSON