CVE-2025-59960

Severity CVSS v4.0: MEDIUM
Type: Unavailable / Other
Publication date: 15/01/2026
Last modified: 15/01/2026

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.

By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion.

This issue affects Junos OS:

* all versions before 21.2R3-S10,
* from 21.4 before 21.4R3-S12,
* all versions of 22.2,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S2,
* from 24.4 before 24.4R2,
* from 25.2 before 25.2R1-S1, 25.2R2.

Junos OS Evolved:

* all versions before 21.4R3-S12-EVO,
* all versions of 22.2-EVO,
* from 22.4 before 22.4R3-S8-EVO,
* from 23.2 before 23.2R2-S5-EVO,
* from 23.4 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-S2-EVO,
* from 24.4 before 24.4R2-EVO,
* from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
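
The drop rule described in the second paragraph, as an added example (not code from the advisory or from Juniper): a Python check that parses the options of a captured DHCP payload and returns the action the advisory says a 'forward-only' relay should take. The function names and the sample packet are constructed for illustration. Because the advisory does not say what makes the DISCOVER "specific", the check assumes any DISCOVER carrying Option 82 qualifies, and it does not follow option overload (option 52).

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_INFO, OPT_END = 0, 53, 82, 255
DISCOVER = 1                         # value of option 53 for DHCPDISCOVER

def parse_options(payload):
    """Return {code: value} for the options field of a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts.setdefault(code, value)  # keep the first instance of each option
        i += 2 + length
    return opts

def expected_relay_action(payload, trust_option82=False):
    """Action the advisory says a 'forward-only' relay should take.

    Assumption: any DISCOVER that already carries Option 82 is in scope.
    """
    opts = parse_options(payload)
    is_discover = opts.get(OPT_MSG_TYPE) == bytes([DISCOVER])
    if is_discover and OPT_RELAY_INFO in opts and not trust_option82:
        return "drop"
    return "forward"

def sample_discover(with_opt82):
    """Constructed sample: BOOTREQUEST with every other header field zeroed."""
    hdr = struct.pack("!BBBB", 1, 1, 6, 0) + bytes(232)   # 236-byte header
    opts = bytes([OPT_MSG_TYPE, 1, DISCOVER])
    if with_opt82:
        # Option 82, sub-option 1 (circuit ID) with a constructed value
        opts += bytes([OPT_RELAY_INFO, 6, 1, 4]) + b"test"
    return hdr + MAGIC + opts + bytes([OPT_END])
```

Run over client-facing captures, a "drop" result for a packet that the relay nevertheless forwarded is consistent with the behaviour this advisory describes.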