CVE-2025-52947 is a medium-severity vulnerability affecting Juniper Networks Junos OS running on specific end-of-life ACX Series platforms, including ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices. The vulnerability arises from improper handling of exceptional conditions (CWE-755) during route processing, specifically when the primary path port of the Layer 2 (L2) circuit Interior Gateway Protocol (IGP) on the local device goes down while 'hot-standby' mode is configured. This causes the Forwarding Engine Board (FEB0) to crash, resulting in a Denial of Service (DoS) condition. The issue affects all Junos OS versions prior to 21.2R3-S9 on these platforms. The vulnerability requires an attacker to cause interface flapping on the affected device, which can be done remotely but requires access to the network segment where the device operates (attack vector: adjacent network). No privileges or user interaction are required to exploit this vulnerability. The impact is limited to availability, as confidentiality and integrity are not affected. No known exploits are currently in the wild, and no patches have been linked yet, though the fixed version is 21.2R3-S9 or later. The vulnerability is particularly relevant for organizations still operating these EOL ACX Series devices with hot-standby L2 circuit configurations, as exploitation can disrupt network forwarding capabilities and cause service outages.

For European organizations using Juniper ACX Series routers in their network infrastructure, especially those relying on the affected models for critical routing and switching functions, this vulnerability poses a risk of network disruption through DoS attacks. The crash of the Forwarding Engine Board can lead to loss of packet forwarding, impacting availability of network services, potentially causing outages in enterprise WANs, service provider networks, or data center interconnects. Given that the affected devices are EOL, organizations may face challenges in obtaining vendor support or patches, increasing operational risk. The attack requires adjacency to the network segment, so internal networks or managed service provider environments are more at risk than internet-facing devices. Disruption of routing can affect business continuity, especially for sectors with high availability requirements such as finance, telecommunications, and critical infrastructure. The lack of confidentiality or integrity impact limits the risk to data breaches, but availability loss can still have significant operational and financial consequences.

1. Upgrade affected Junos OS versions to 21.2R3-S9 or later where the vulnerability is fixed. If immediate upgrade is not feasible, consider network segmentation to isolate affected devices from untrusted or less secure network segments to reduce attack surface. 2. Disable 'hot-standby' mode on L2 circuits if operationally possible, as the vulnerability manifests only when this mode is enabled. 3. Monitor interface status and logs for unusual flapping behavior that could indicate exploitation attempts. 4. Implement strict access controls and network segmentation to limit adjacency access to critical Juniper ACX devices. 5. Develop incident response plans to quickly detect and recover from FEB crashes, including device reboots or failover procedures. 6. Engage with Juniper Networks support or authorized partners for guidance on patch availability and device upgrade paths given the EOL status of affected hardware. 7. Consider hardware refresh or migration to supported platforms to reduce exposure to unpatched vulnerabilities and improve long-term security posture.