CVE-2025-30644: CWE-122 Heap-based Buffer Overflow in Juniper Networks Junos OS
A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.
This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series:
* All versions before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
AI Analysis
Technical Summary
CVE-2025-30644 is a high-severity heap-based buffer overflow vulnerability (CWE-122) affecting Juniper Networks Junos OS running on multiple EX and QFX series switches, including EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series. The vulnerability resides in the flexible PIC concentrator (FPC) component of Junos OS and can be triggered by an attacker sending a specially crafted DHCP packet. This packet exploits a heap overflow condition, particularly when DHCP Option 82 is enabled, which can cause memory corruption leading to an FPC crash and restart, resulting in a Denial of Service (DoS). The DoS can be sustained by continued receipt of the malicious packets, severely impacting network availability. Beyond DoS, the nature of the heap overflow could allow remote code execution (RCE) within the FPC, potentially granting an attacker complete control over the vulnerable component. This elevates the threat from service disruption to full compromise of the affected network device. The vulnerability affects multiple Junos OS versions prior to specific patched releases (e.g., before 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, and 24.2R2). Exploitation does not require user interaction or privileges but does require network access (attack vector: adjacent network). The CVSS v3.1 base score is 7.5, reflecting high impact on confidentiality, integrity, and availability, with a high attack complexity and no privileges required. No known exploits are currently reported in the wild, but the potential for RCE and sustained DoS makes this a critical vulnerability to address promptly in network infrastructure environments relying on Juniper devices.
Potential Impact
For European organizations, this vulnerability poses significant risks to network infrastructure stability and security. Juniper EX and QFX series switches are widely deployed in enterprise, service provider, and government networks across Europe, often forming the backbone of critical communications and data centers. A successful attack could lead to prolonged network outages due to DoS conditions, disrupting business operations, communications, and essential services. Furthermore, the potential for remote code execution could allow attackers to gain persistent control over network devices, enabling interception, manipulation, or redirection of network traffic, data exfiltration, or lateral movement within the network. This could compromise sensitive data, violate GDPR compliance, and damage organizational reputation. The requirement for network adjacency means that attackers could be internal or external entities with access to the local network segment, which raises the risk from insiders or from compromised devices within the network perimeter. The timing-based nature of the memory corruption scenario suggests exploitation may be complex but not impossible, warranting urgent mitigation to prevent exploitation attempts.
Mitigation Recommendations
1. Immediate upgrade to the latest Junos OS versions that include patches for CVE-2025-30644, specifically versions at or beyond 21.4R3-S9, 22.2R3-S5, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, or 24.2R2 depending on the device's current version.
2. If immediate patching is not feasible, implement network-level controls to block or filter DHCP packets containing Option 82 from untrusted sources or segments, limiting exposure to crafted DHCP packets.
3. Monitor network traffic for anomalous DHCP packets or repeated FPC crashes and restarts, which may indicate attempted exploitation.
4. Restrict network access to management and control plane interfaces of Juniper devices to trusted administrators and systems only, using segmentation and access control lists (ACLs).
5. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures capable of detecting exploitation attempts targeting this vulnerability.
6. Conduct regular audits of Juniper device firmware versions and configurations to ensure compliance with security best practices and timely patch application.
7. Engage with Juniper Networks support and security advisories for ongoing updates and recommended mitigations.
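For the firmware audit in recommendations 1 and 6, the following added example (not code from the advisory or from Juniper) classifies Junos version strings against the fixed releases listed above. The model prefixes, the sample inventory, and the choice to report trains the advisory does not name as "not-listed" are assumptions.

```python
import re

# First fixed release per train, copied from the advisory: train -> (R, S).
FIXED = {(21, 4): (3, 9), (22, 2): (3, 5), (22, 4): (3, 5),
         (23, 2): (2, 3), (23, 4): (2, 3), (24, 2): (2, 0)}
OLDEST_TRAIN = min(FIXED)  # everything on an older train is affected

# Assumption: inventory model strings start with these family prefixes.
MODEL_PREFIXES = ("EX2300", "EX3400", "EX4100", "EX4300", "EX4400",
                  "EX4600", "EX4650-48Y", "QFX5")

# Matches e.g. 21.4R3-S9, 24.2R2, 22.2R3-S5.3 (trailing build number ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for a Junos version."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"          # other naming schemes: review by hand
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    train, level = (major, minor), (rel, svc)
    if train < OLDEST_TRAIN:
        return "affected"          # "All versions before 21.4R3-S9"
    if train in FIXED:
        return "affected" if level < FIXED[train] else "fixed"
    return "not-listed"            # train not named in the advisory text


def audit(inventory):
    """Yield (host, model, version, status) for in-scope models that are not fixed."""
    for host, model, version in inventory:
        if not model.upper().startswith(MODEL_PREFIXES):
            continue               # model family outside the advisory's scope
        status = classify(version)
        if status != "fixed":
            yield host, model, version, status


# Constructed sample inventory (hostnames, models and versions are illustrative).
SAMPLE = [
    ("sw-access-01", "EX2300-48P", "21.4R3-S8"),
    ("sw-access-02", "EX4300-48MP", "22.2R3-S5.3"),
    ("sw-leaf-01", "QFX5120-48Y", "23.4R2-S2"),
    ("sw-leaf-02", "QFX5120-48Y", "24.2R2"),
    ("sw-dist-01", "EX4400-48T", "23.1R1"),
    ("rtr-edge-01", "MX204", "21.2R3-S1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

Devices reported as "not-listed" or "unparsed" need a manual check against the vendor advisory, since the text above gives no fixed release for their train.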
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: juniper
- Date Reserved: 2025-03-24T19:34:11.320Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981ac4522896dcbd8fd4
Added to database: 5/21/2025, 9:08:42 AM
Last enriched: 7/5/2025, 10:39:37 AM
Last updated: 8/16/2025, 8:10:10 AM