NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS Evolved
CVE-2025-59967
7.1 HIGH
Key Information:
- Vendor: Juniper Networks
- Status
- CVE Published: 9 October 2025
Badges
👾 Exploit Exists
What is CVE-2025-59967?
A NULL pointer dereference vulnerability exists in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on specific ACX devices. An unauthenticated, adjacent attacker can send crafted multicast traffic that causes the evo-pfemand process to crash and then restart. Continued delivery of this multicast traffic leads to a sustained denial of service (DoS). Both IPv4 and IPv6 are affected. The vulnerability affects Junos OS Evolved from 23.2R2-EVO before 23.2R2-S4-EVO, and from 23.4R1-EVO before 23.4R2-EVO.
Affected Version(s)
Junos OS Evolved ACX7348 23.2R2-EVO < 23.2R2-S4-EVO
Junos OS Evolved ACX7348 23.4R1-EVO < 23.4R2-EVO