CVE-2025-52952: CWE-787 Out-of-bounds Write in Juniper Networks Junos OS

Severity: Medium
Tags: Vulnerability, CVE-2025-52952, cve, cve-2025-52952, cwe-787
Published: Fri Jul 11 2025 (07/11/2025, 15:04:35 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS

Description

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

This issue affects Juniper Networks Junos OS:
* All versions before 22.2R3-S1,
* from 22.4 before 22.4R2.

This feature is not enabled by default.

AI-Powered Analysis

Last updated: 07/11/2025, 15:33:00 UTC

Technical Analysis

CVE-2025-52952 is a medium-severity vulnerability identified in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS, specifically affecting MX Series routers equipped with MPC-BUILTIN, MPC1 through MPC9 line cards. The vulnerability is classified as an out-of-bounds write (CWE-787), which occurs when an attacker sends a specially crafted malformed packet to the vulnerable device. This malformed packet triggers a memory corruption condition within the CFM daemon, causing the forwarding processing card (FPC) to crash and subsequently restart. The crash and restart lead to a Denial of Service (DoS) condition, as the device becomes temporarily unavailable for forwarding traffic. If the malformed packets continue to be received and processed, the DoS condition can be sustained indefinitely.

The vulnerability affects all versions of Junos OS prior to 22.2R3-S1 and versions from 22.4 up to but not including 22.4R2. Notably, the vulnerable feature (CFM daemon) is not enabled by default, which reduces the attack surface but does not eliminate risk for deployments where this feature is active. The attack vector is adjacent network access, meaning the attacker must be on the same Layer 2 network segment or have network adjacency to the target device. No authentication or user interaction is required, and the attack complexity is low, as the attacker only needs to send a malformed packet to trigger the vulnerability.

The CVSS v3.1 base score is 6.5, reflecting a medium severity primarily due to the impact on availability without affecting confidentiality or integrity. No known exploits are currently reported in the wild, and no patches or mitigation links were provided at the time of publication. The vulnerability is significant for network operators relying on Juniper MX Series routers with affected Junos OS versions and enabled CFM features, as it can disrupt network availability through sustained DoS attacks.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to network infrastructure availability. Juniper MX Series routers are widely used in service provider and enterprise networks across Europe for high-performance routing and traffic management. A successful exploitation could lead to intermittent or sustained network outages, impacting critical services such as internet connectivity, VPNs, and inter-office communications. This could disrupt business operations, degrade customer experience, and potentially cause financial losses. Given the adjacency requirement, the threat is more pronounced in environments where attackers can gain Layer 2 access, such as shared data centers, multi-tenant facilities, or compromised internal networks. The lack of impact on confidentiality and integrity limits the risk to data breaches, but the availability impact alone is significant for sectors reliant on continuous network uptime, including finance, healthcare, telecommunications, and government services.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first verify whether the CFM feature is enabled on their Juniper MX Series routers. If it is not required, disabling the CFM daemon will effectively eliminate the attack surface. For environments where CFM is necessary, organizations should upgrade affected Junos OS versions to 22.2R3-S1 or later, or 22.4R2 or later, as these versions contain fixes for the vulnerability. Network segmentation and strict access controls should be implemented to limit adjacency exposure, ensuring that only trusted devices and users have Layer 2 access to the routers. Monitoring network traffic for malformed CFM packets can help detect attempted exploitation. Additionally, implementing rate limiting or filtering on CFM traffic at network boundaries can reduce the risk of sustained DoS conditions. Regularly reviewing and applying Juniper security advisories and patches is critical to maintaining protection against emerging threats.
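The first two checks above (is CFM configured, is the release in an affected range) can be scripted across an inventory. The following is an added example, not part of the original advisory or any Juniper tooling; it assumes configuration text in `display set` form, release strings of the `NN.NRn[-Sn]` kind, and the Junos hierarchy `protocols oam ethernet connectivity-fault-management` for CFM, which the page itself does not name.

```python
import re

# Affected ranges as stated on this page for CVE-2025-52952.
FIRST_FIXED = (22, 2, 3, 1)                    # 22.2R3-S1
TRAIN_22_4 = ((22, 4, 0, 0), (22, 4, 2, 0))    # from 22.4 before 22.4R2
# Junos hierarchy that holds CFM configuration (assumption: not given on the page).
CFM_PATH = "protocols oam ethernet connectivity-fault-management"

_RELEASE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse_release(version):
    """'22.4R1-S2.1' -> (22, 4, 1, 2); the trailing build number is ignored."""
    m = _RELEASE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {version!r}")
    major, minor, rel, service = m.groups()
    return (int(major), int(minor), int(rel), int(service or 0))

def version_affected(version):
    v = parse_release(version)
    return v < FIRST_FIXED or TRAIN_22_4[0] <= v < TRAIN_22_4[1]

def cfm_configured(display_set):
    """True if an active CFM stanza appears in 'display set' style config text."""
    lines = [ln.strip() for ln in display_set.splitlines()]
    present = any(ln.startswith("set " + CFM_PATH) for ln in lines)
    # A 'deactivate' on the stanza or on any parent hierarchy disables it.
    off = any(ln.startswith("deactivate ")
              and (CFM_PATH + " ").startswith(ln[len("deactivate "):] + " ")
              for ln in lines)
    return present and not off

def triage(version, display_set):
    if not version_affected(version):
        return "not-in-affected-range"
    return "exposed" if cfm_configured(display_set) else "affected-release-cfm-off"

# Constructed sample inventory (not real devices).
SAMPLE_CFM = ("set protocols oam ethernet connectivity-fault-management "
              "maintenance-domain md1 level 5\n")
SAMPLE_OFF = SAMPLE_CFM + "deactivate protocols oam ethernet\n"

if __name__ == "__main__":
    for name, ver, cfg in [("mx-a", "22.2R3", SAMPLE_CFM),
                           ("mx-b", "22.4R1-S2.1", SAMPLE_OFF),
                           ("mx-c", "22.4R2", SAMPLE_CFM)]:
        print(name, ver, triage(ver, cfg))
```

Releases outside the two ranges the page lists are reported as `not-in-affected-range`; a device on an affected release with CFM off still needs the upgrade before CFM is ever enabled.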

Technical Details

Data Version: 5.1
Assigner Short Name: juniper
Date Reserved: 2025-06-23T13:16:01.409Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68712ab6a83201eaacaf47eb

Added to database: 7/11/2025, 3:16:06 PM

Last enriched: 7/11/2025, 3:33:00 PM

Last updated: 8/11/2025, 5:20:00 AM
