CVE-2025-30660

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop.

When this issue occurs the following logs can be observed:

<fpc #> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <…>

This issue affects Junos OS:

  • all versions before 21.2R3-S9,
  • 21.4 versions before 21.4R3-S8,
  • 22.2 versions before 22.2R3-S4,
  • 22.4 versions before 22.4R3-S5,
  • 23.2 versions before 23.2R2-S2,
  • 23.4 versions before 23.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 21.2R3-S9affected
Juniper NetworksJunos OS21.4 < 21.4R3-S8affected
Juniper NetworksJunos OS22.2 < 22.2R3-S4affected
Juniper NetworksJunos OS22.4 < 22.4R3-S5affected
Juniper NetworksJunos OS23.2 < 23.2R2-S2affected
Juniper NetworksJunos OS23.4 < 23.4R2affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References