CVE-2025-52946 is a high-severity Use After Free (CWE-416) vulnerability affecting the routing protocol daemon (rpd) component of Juniper Networks Junos OS and Junos OS Evolved. The vulnerability is triggered when an attacker sends a Border Gateway Protocol (BGP) update containing a specifically malformed AS PATH attribute. This malformed attribute causes the rpd process to crash and subsequently restart, resulting in a Denial of Service (DoS) condition. If the attacker continuously sends such malformed BGP updates, the DoS condition can be sustained, severely impacting network routing stability. The vulnerability only affects systems with BGP traceoptions enabled, which is a diagnostic feature used for detailed BGP message logging and troubleshooting. Systems without BGP traceoptions enabled are not vulnerable. The flaw impacts multiple versions of Junos OS and Junos OS Evolved, specifically all versions before 21.2R3-S9, all 21.4 versions, certain versions from 22.2 through 24.2, and their corresponding Junos OS Evolved releases. This vulnerability is a more comprehensive fix for a previously disclosed issue (CVE-2024-39549). The CVSS v3.1 base score is 7.5, indicating high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No known exploits are currently reported in the wild. The vulnerability poses a significant risk to network availability and stability, particularly for organizations relying on Juniper routing infrastructure with BGP traceoptions enabled.

For European organizations, this vulnerability can have serious implications on network availability and operational continuity. Juniper Networks devices are widely deployed in enterprise, service provider, and critical infrastructure networks across Europe. An attacker exploiting this vulnerability could cause repeated crashes of the routing daemon, leading to intermittent or sustained network outages. This can disrupt internal communications, internet connectivity, and inter-domain routing, potentially affecting business operations, cloud services access, and critical communications. The impact is especially critical for telecom operators, ISPs, and large enterprises that depend on stable BGP routing for their network backbone. Additionally, the requirement for an established BGP session means that attackers with network access or compromised peers could exploit this vulnerability remotely without authentication or user interaction. This raises concerns for multi-tenant data centers and peering arrangements common in European networks. While no confidentiality or integrity impacts are noted, the availability impact alone can cause significant financial and reputational damage. The presence of traceoptions enabled in production environments, often for troubleshooting, increases the attack surface. European organizations must be aware of this risk, particularly those with Juniper infrastructure running affected Junos OS versions and BGP traceoptions enabled.

1. Immediate action should be to verify if BGP traceoptions are enabled on Juniper devices running affected Junos OS versions. If traceoptions are not required for active troubleshooting, disable them to eliminate exposure. 2. Apply the latest Juniper patches or software updates that address CVE-2025-52946 as soon as they become available. Since this vulnerability affects multiple Junos OS and Junos OS Evolved versions, coordinate with Juniper support to obtain the appropriate fixed releases. 3. Implement network segmentation and strict access controls to limit which peers can establish BGP sessions, reducing the risk of malicious BGP updates from untrusted sources. 4. Monitor BGP session stability and rpd process logs for signs of crashes or restarts, which may indicate exploitation attempts. 5. Employ anomaly detection systems to identify malformed BGP updates or unusual AS PATH attributes. 6. For environments requiring traceoptions, consider enabling them only temporarily during controlled troubleshooting windows and disable immediately afterward. 7. Engage with Juniper Networks for guidance on best practices for secure BGP configuration and traceoptions usage. 8. Review and update incident response plans to include procedures for handling routing daemon crashes and potential DoS attacks targeting network infrastructure.