CVE-2025-21600
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Out-of-Bounds Read vulnerability in
the routing protocol daemon (rpd) of
Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue only affects systems configured in either of two ways:
* systems with BGP traceoptions enabled
* systems with BGP family traffic-engineering (BGP-LS)
configured
and can be exploited from a directly connected and configured BGP peer.
This issue affects iBGP and eBGP
with
any address family
configured, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects:
Junos OS:
from 21.4 before 21.4R3-S9,
- from 22.2 before 22.2R3-S5,
- from 22.3 before 22.3R3-S4,
- from 22.4 before 22.4R3-S5,
- from 23.2 before 23.2R2-S3,
- from 23.4 before 23.4R2-S3,
- from 24.2 before 24.2R1-S2, 24.2R2;
Junos OS Evolved:
- from 21.4-EVO before 21.4R3-S9-EVO,
- from 22.2-EVO before 22.2R3-S5-EVO,
- from 22.3-EVO before 22.3R3-S4-EVO,
- from 22.4-EVO before 22.4R3-S5-EVO,
- from 23.2-EVO before 23.2R2-S3-EVO,
- from 23.4-EVO before 23.4R2-S2-EVO,
- from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.
This issue does not affect versions of Junos OS prior to 21.3R1.
This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.
This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 21.4 < 21.4R3-S9 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3-S5 | affected |
| Juniper Networks | Junos OS | 22.3 < 22.3R3-S4 | affected |
| Juniper Networks | Junos OS | 22.4 < 22.4R3-S5 | affected |
| Juniper Networks | Junos OS | 23.2 < 23.2R2-S3 | affected |
| Juniper Networks | Junos OS | 23.4 < 23.4R2-S3 | affected |
| Juniper Networks | Junos OS | 24.2 < 24.2R1-S2, 24.2R2 | affected |
| Juniper Networks | Junos OS | 0 < 21.3R1 | unaffected |
| Juniper Networks | Junos OS Evolved | 21.4-EVO < 21.4R3-S9-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.2-EVO < 22.2R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.3-EVO < 22.3R3-S4-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.4-EVO < 22.4R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 23.2-EVO < 23.2R2-S3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 23.4-EVO < 23.4R2-S2-EVO | affected |
| Juniper Networks | Junos OS Evolved | 24.2-EVO < 24.2R1-S2-EVO, 24.2R2-EVO | affected |
| Juniper Networks | Junos OS Evolved | 0 < 21.3R1-EVO | unaffected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
Workarounds
If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.