Juniper Junos OS Flaw Allows Attackers to Cause Denial of Service
A critical vulnerability in Juniper Networks’ Junos OS and Junos OS Evolved has been disclosed that permits unauthenticated adjacent attackers to trigger a sustained denial of service by sending specially crafted BGP UPDATE packets.
The issue, tracked as CVE-2025-52953, affects a wide range of Junos OS and Junos OS Evolved releases and carries medium severity ratings under both CVSS v3.1 (6.5) and CVSS v4.0 (7.1). Juniper has published Security Bulletin JSA100059 and released patched software versions to address the flaw.
Security Bulletin JSA100059, created and last updated on July 9, 2025, describes an “Expected Behavior Violation” vulnerability in the routing protocol daemon (rpd) component of Junos OS and Junos OS Evolved.
An unauthenticated attacker with adjacent network access can deliver a valid BGP UPDATE message that forces a live BGP session reset between peers.
Continuous exploitation leads to repeated session resets, resulting in a full denial of routing functionality and potential traffic blackholing for both IPv4 and IPv6 networks.
The flaw impacts iBGP and eBGP configurations when a network is configured to support IPv6 VPN unicast address families.
Junos OS versions prior to 21.2R3-S9, 21.4 before 21.4R3-S11, 22.2 before 22.2R3-S7, 22.4 before 22.4R3-S7, 23.2 before 23.2R2-S4, 23.4 before 23.4R2-S4, 24.2 before 24.2R2, and 24.4 before 24.4R1-S3 or 24.4R2 are affected.
Similarly, Junos OS Evolved releases before 22.2R3-S7-EVO, 22.4-EVO before 22.4R3-S7-EVO, 23.2-EVO before 23.2R2-S4-EVO, 23.4-EVO before 23.4R2-S4-EVO, 24.2-EVO before 24.2R2-EVO, and 24.4-EVO before 24.4R1-S3-EVO or 24.4R2-EVO are vulnerable.
To aid network operators in rapidly assessing their risk posture, the following table summarizes the key details of CVE-2025-52953 and the corresponding Juniper advisory.
| CVE Identifier | Affected Versions | Severity (CVSS v3.1) | Severity (CVSS v4.0) |
| --- | --- | --- | --- |
| CVE-2025-52953 | Junos OS before 21.2R3-S9, 21.4 before 21.4R3-S11, 22.2 before 22.2R3-S7, 22.4 before 22.4R3-S7, 23.2 before 23.2R2-S4, 23.4 before 23.4R2-S4, 24.2 before 24.2R2, 24.4 before 24.4R1-S3 or 24.4R2; Junos OS Evolved before 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO | 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/A:H) | 7.1 (AV:A/AC:L/AT:N/PR:N/UI:N/VA:H/RA:C) |
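As an added example (not from the article or from Juniper), a small Python check that compares a Junos OS or Junos OS Evolved version string against the fixed releases listed above. The version-string grammar it accepts and the choice to report trains not named in the advisory as unknown (`None`) are assumptions of this example.

```python
import re

# First fixed release per branch, as listed on this page (JSA100059).
# The oldest entry also acts as a floor: every release below it is affected.
JUNOS_FIXED = {
    "21.2": "21.2R3-S9", "21.4": "21.4R3-S11", "22.2": "22.2R3-S7",
    "22.4": "22.4R3-S7", "23.2": "23.2R2-S4", "23.4": "23.4R2-S4",
    "24.2": "24.2R2", "24.4": "24.4R1-S3",  # 24.4R2 sorts above 24.4R1-S3, so it is fixed too
}
EVO_FIXED = {
    "22.2": "22.2R3-S7-EVO", "22.4": "22.4R3-S7-EVO", "23.2": "23.2R2-S4-EVO",
    "23.4": "23.4R2-S4-EVO", "24.2": "24.2R2-EVO", "24.4": "24.4R1-S3-EVO",
}

# Assumed grammar: MAJOR.MINOR R<release> [-S<service>] [.<build>] [-EVO]; build numbers are ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")


def parse_version(text):
    """Return ((major, minor, release, service), is_evolved) for a Junos version string."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, release, service, evo = m.groups()
    return (int(major), int(minor), int(release), int(service or 0)), evo is not None


def is_affected(text):
    """True if the release is below its branch's fix, False if at or above it,
    None if the branch is not named in the advisory (e.g. an end-of-life train)."""
    key, evo = parse_version(text)
    fixed = EVO_FIXED if evo else JUNOS_FIXED
    floor = min(parse_version(v)[0] for v in fixed.values())
    if key < floor:
        return True  # "before 21.2R3-S9" / "before 22.2R3-S7-EVO" covers every older train
    branch = f"{key[0]}.{key[1]}"
    if branch not in fixed:
        return None
    return key < parse_version(fixed[branch])[0]


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    labels = {True: "AFFECTED", False: "fixed", None: "branch not listed"}
    for host, ver in [("pe1", "22.4R3-S6"), ("pe2", "24.4R2"), ("p1", "23.2R2-S3-EVO")]:
        print(host, ver, labels[is_affected(ver)])
```

The version check only tells you whether a box runs vulnerable code; per the advisory, exposure also requires BGP configured with the IPv6 VPN unicast address family, so pair this with a review of those configurations.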
Juniper’s advisory notes that no workarounds are currently available, and that the SIRT team is not aware of any active exploitation in the wild.
The vulnerability was discovered during routine production testing and reported through Juniper’s responsible disclosure process.
Juniper customers may track remediation progress under bug ID 1855477 on the company’s support portal.
Network administrators are urged to review their BGP configurations for IPv6 VPN unicast address families and apply the updated code as soon as possible.
Failure to do so could leave enterprise, service provider, and data center routers vulnerable to session resets and sustained service outages.
By promptly patching Junos OS and Junos OS Evolved, organizations can ensure continued network stability and resilience against BGP-based denial of service attacks.