CVE-2025-52981
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on
SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3
allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If a sequence of specific PIM packets is received, this will cause a flowd crash and restart.
This issue affects Junos OS:
- all versions before 21.2R3-S9,
- 21.4 versions before 21.4R3-S11,
- 22.2 versions before 22.2R3-S7,
- 22.4 versions before 22.4R3-S6,
- 23.2 versions before 23.2R2-S4,
- 23.4 versions before 23.4R2-S4,
- 24.2 versions before 24.2R2.
This is a similar, but different vulnerability than the issue reported as
CVE-2024-47503, published in JSA88133.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 0 < 21.2R3-S9 | affected |
| Juniper Networks | Junos OS | 21.4 < 21.4R3-S11 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3-S7 | affected |
| Juniper Networks | Junos OS | 22.4 < 22.4R3-S6 | affected |
| Juniper Networks | Junos OS | 23.2 < 23.2R2-S4 | affected |
| Juniper Networks | Junos OS | 23.4 < 23.4R2-S4 | affected |
| Juniper Networks | Junos OS | 24.2 < 24.2R2 | affected |
Weaknesses
- CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
Workarounds
Minimize the PIM (Protocol Independent Multicast) session timeout value to be less than 5 seconds to avoid data session creation errors.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.