CVE-2025-30647

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
09/04/2025
Last modified:
11/04/2025

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.

    user@host> show chassis fpc
                      Temp  CPU Utilization (%)  CPU Utilization (%)  Memory     Utilization (%)
    Slot  State       (C)   Total  Interrupt     1min  5min  15min    DRAM (MB)  Heap  Buffer
    2     Online      36    10     0             9     8     9        32768      26    0

This issue affects Junos OS on MX Series:

* All versions before 21.2R3-S9
* from 21.4 before 21.4R3-S10
* from 22.2 before 22.2R3-S6
* from 22.4 before 22.4R3-S5
* from 23.2 before 23.2R2-S3
* from 23.4 before 23.4R2-S3
* from 24.2 before 24.2R2.
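The affected-version list above can be checked against a device inventory. The following is an added example, not code from the advisory or from Juniper. It assumes release strings of the form `YY.NR<n>[-S<n>][.<build>]`, ignores the trailing build number, and reports release trains the advisory does not name (for example 22.3) as `unlisted` rather than guessing; the hostnames are hypothetical.

```python
import re

# Fixed release per train, from the advisory's affected-version list: (R, S).
FIXED = {
    (21, 2): (3, 9),    # 21.2R3-S9
    (21, 4): (3, 10),   # 21.4R3-S10
    (22, 2): (3, 6),    # 22.2R3-S6
    (22, 4): (3, 5),    # 22.4R3-S5
    (23, 2): (2, 3),    # 23.2R2-S3
    (23, 4): (2, 3),    # 23.4R2-S3
    (24, 2): (2, 0),    # 24.2R2
}
OLDEST_TRAIN = min(FIXED)

# Assumption: only standard "YY.NR<n>[-S<n>][.<build>]" strings are handled;
# the trailing build number is ignored when comparing.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Split a Junos release string into ((major, minor), (R, S))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unsupported Junos version format: {version!r}")
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))


def status(version):
    """Return 'affected', 'fixed', or 'unlisted' for CVE-2025-30647."""
    train, release = parse(version)
    if train < OLDEST_TRAIN:
        return "affected"          # "All versions before 21.2R3-S9"
    if train not in FIXED:
        return "unlisted"          # train not named by the advisory
    return "affected" if release < FIXED[train] else "fixed"


if __name__ == "__main__":
    # Constructed inventory of MX routers (hostnames are hypothetical).
    inventory = {"mx-edge-1": "21.4R3-S9.5", "mx-edge-2": "24.2R2",
                 "mx-bng-1": "22.3R1-S2", "mx-bng-2": "20.4R3-S8"}
    for host, version in sorted(inventory.items()):
        print(f"{host:10} {version:14} {status(version)}")
```

An `unlisted` result means the advisory makes no statement about that train, so it needs a manual check against the vendor's guidance.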

References to Advisories, Solutions, and Tools