Junos OS: SRX4700: When forwarding-options sampling is enabled any traffic destined to the RE will cause the forwarding line card to crash and restart
CVE-2025-59964

8.7HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 9 October 2025

🔔 Create Juniper Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-59964?

A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to an FPC crash and restart, resulting in a Denial of Service (DoS).

Continued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card.

This issue affects Junos OS on SRX4700:

from 24.4 before 24.4R1-S3, 24.4R2

This issue affects IPv4 and IPv6.

Affected Version(s)

Junos OS SRX4700 24.4 < 24.4R1-S3, 24.4R2

References

https://supportportal.juniper.net/JSA103153

vendor-advisory

https://www.juniper.net/documentation/us/en/software/juno...

technical-description

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 9, 2025
Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Sep 23, 2025

JSON