Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-52955

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
11/07/2025
Last modified:
20/08/2025

Description

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> When<br /> the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart. <br /> <br /> <br /> Continued receipt of these specific updates will cause a sustained Denial of Service condition.<br /> <br /> <br /> This issue affects Junos OS:<br /> <br /> * All versions before 21.2R3-S9, <br /> * All versions of 21.4, <br /> * All versions of 22.2, <br /> * from 22.4 before 22.4R3-S7, <br /> * from 23.2 before 23.2R2-S3, <br /> * from 23.4 before 23.4R2-S4, <br /> * from 24.2 before 24.2R2.<br /> <br /> <br /> Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions of 21.2-EVO, <br /> * All versions of 21.4-EVO, <br /> * All versions of 22.2-EVO, <br /> * from 22.4 before 22.4R3-S7-EVO, <br /> * from 23.2 before 23.2R2-S3-EVO, <br /> * from 23.4 before 23.4R2-S4-EVO, <br /> * from 24.2 before 24.2R2-EVO.

Impact

Vector 4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/U:Green CVSS v4.0 Severity and Metrics:

Base Score: 7.10 HIGH
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/U:Green

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): None
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): Low
Recovery (R): Automatic
Provider Urgency (U): Green

Base Score 4.0
7.10
Severity 4.0
HIGH
Vector 3.x
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.50 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
6.50
Severity 3.x
MEDIUM

References to Advisories, Solutions, and Tools