CVE-2025-60004

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS).

When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart.

A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur.

This issue affects iBGP and eBGP, over IPv4 and IPv6.

This issue affects: Junos OS:

  • 23.4 versions from

23.4R2-S3 before 23.4R2-S5,

  • 24.2 versions from

24.2R2

before 24.2R2-S1,

  • 24.4 versions before 24.4R1-S3, 24.4R2;

Junos OS Evolved:

  • 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO,
  • 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO,
  • 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS23.4R2-S3 < 23.4R2-S5affected
Juniper NetworksJunos OS24.2R2 < 24.2R2-S1affected
Juniper NetworksJunos OS24.4R1 < 24.4R1-S3, 24.4R2affected
Juniper NetworksJunos OS Evolved23.4R2-S2-EVO < 23.4R2-S5-EVOaffected
Juniper NetworksJunos OS Evolved24.2R2-EVO < 24.2R2-S1-EVOaffected
Juniper NetworksJunos OS Evolved24.4R1-EVO < 24.4R1-S3-EVO, 24.4R2-EVOaffected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References