CVE-2025-52955: CWE-131 Incorrect Calculation of Buffer Size in Juniper Networks Junos OS
An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart. Continued receipt of these specific updates will cause a sustained Denial of Service condition.

This issue affects Junos OS:
* All versions before 21.2R3-S9,
* All versions of 21.4,
* All versions of 22.2,
* from 22.4 before 22.4R3-S7,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2.

Junos OS Evolved:
* All versions of 21.2-EVO,
* All versions of 21.4-EVO,
* All versions of 22.2-EVO,
* from 22.4 before 22.4R3-S7-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO.
AI Analysis
Technical Summary
CVE-2025-52955 is a medium-severity vulnerability affecting Juniper Networks Junos OS and Junos OS Evolved, specifically within the routing protocol daemon (rpd). The root cause is an incorrect calculation of buffer size (CWE-131) when processing updates related to logical interfaces that use routing instances and flap continuously. This flaw leads to memory corruption in the jflow/sflow modules, causing the rpd process to crash and subsequently restart. If the attacker continues to send these specific updates, it results in a sustained Denial of Service (DoS) condition by repeatedly crashing the rpd. The vulnerability can be exploited by an adjacent unauthenticated attacker, meaning the attacker must be on the same or directly connected network segment but does not require any authentication or user interaction. The affected Junos OS versions include all versions before 21.2R3-S9, all versions of 21.4 and 22.2, and certain subversions of 22.4, 23.2, 23.4, and 24.2. Similarly, Junos OS Evolved versions from 21.2-EVO through 24.2-EVO are affected in comparable version ranges. The CVSS v3.1 base score is 6.5, reflecting a medium severity with an attack vector of adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability (no confidentiality or integrity impact). No known exploits are currently reported in the wild, and no patches are linked in the provided data, indicating organizations should monitor vendor advisories closely for updates. This vulnerability primarily threatens network availability by causing routing daemon crashes, which can disrupt routing and traffic flow in affected Juniper network devices.
Potential Impact
For European organizations, the impact of CVE-2025-52955 can be significant, particularly for those relying on Juniper Networks infrastructure for core routing and network management. The rpd crash leads to routing disruptions and potential network outages, which can affect business continuity, especially in sectors requiring high network availability such as finance, telecommunications, healthcare, and critical infrastructure. Since the attack requires adjacency, it is most relevant in environments where untrusted or semi-trusted devices share the same Layer 2 domain or where network segmentation is weak. Sustained DoS conditions could degrade service quality or cause intermittent outages, impacting operational efficiency and potentially violating regulatory requirements for network uptime and data availability. Although confidentiality and integrity are not directly impacted, the availability disruption could indirectly affect services dependent on network stability. European organizations with extensive Juniper deployments in data centers, ISPs, or enterprise WANs should prioritize addressing this vulnerability to avoid service degradation or outages.
Mitigation Recommendations
1. Immediate mitigation should include network segmentation and strict access control to limit adjacency to trusted devices only, reducing the attack surface.
2. Monitor network interfaces for frequent logical interface flapping and investigate unusual update traffic patterns targeting jflow/sflow modules.
3. Apply vendor-released patches or updates as soon as they become available to address the buffer size calculation flaw.
4. Implement rate limiting or filtering on routing protocol update messages where possible to prevent flooding with malicious updates.
5. Use network anomaly detection tools to identify repeated rpd crashes or unusual routing daemon restarts indicative of exploitation attempts.
6. Maintain up-to-date inventory of Junos OS versions deployed and prioritize upgrades for affected versions.
7. Engage with Juniper support for any available workarounds or hotfixes if immediate patching is not feasible.
8. Conduct regular vulnerability assessments and penetration tests focusing on network layer protocols to detect potential exploitation vectors.
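To support recommendation 6, the following added example (not part of the original advisory and not Juniper tooling) classifies a deployed version string against the affected ranges listed in the description. The version-string shape accepted by the regex, the three status labels and the sample inventory are assumptions; release trains the page does not mention are reported as `not-listed` rather than assumed safe.

```python
import re

# Affected ranges transcribed from the advisory text on this page.
# Key: release train (major, minor). Value: first (R, S) outside the affected
# range, or None when the page lists every release of that train as affected.
JUNOS = {(21, 2): (3, 9), (21, 4): None, (22, 2): None, (22, 4): (3, 7),
         (23, 2): (2, 3), (23, 4): (2, 4), (24, 2): (2, 0)}
# Evolved has the same bounds, except that all of 21.2-EVO is listed.
EVOLVED = {**JUNOS, (21, 2): None}

# Assumed string shape: 22.4R3-S7, 22.4R3-S7.3 (build suffix), 23.4R2-S4-EVO.
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:R(\d+))?(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.IGNORECASE)


def parse(version):
    """Return ((major, minor, R, S), is_evolved); missing R or S counts as 0."""
    m = VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups()[:4]), m.group(5) is not None


def status(version):
    """Classify a version as 'affected', 'not-affected' or 'not-listed'."""
    (major, minor, r, s), evolved = parse(version)
    train = (major, minor)
    # Junos OS only: "All versions before 21.2R3-S9" covers every older train.
    if not evolved and train < (21, 2):
        return "affected"
    table = EVOLVED if evolved else JUNOS
    if train not in table:
        return "not-listed"  # the page says nothing about this train
    bound = table[train]
    if bound is None or (r, s) < bound:
        return "affected"
    return "not-affected"


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are made up for the example.
    inventory = {"edge-1": "21.4R3-S5", "core-1": "22.4R3-S7.3",
                 "lab-evo": "23.4R2-S3-EVO", "new-1": "24.4R1"}
    for host, version in sorted(inventory.items()):
        print(f"{host:8} {version:16} {status(version)}")
```

Strings that do not match the assumed shape raise `ValueError` so that they are reviewed by hand instead of being silently classified.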
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: juniper
- Date Reserved: 2025-06-23T13:16:01.410Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68717105a83201eaacb06aab
Added to database: 7/11/2025, 8:16:05 PM
Last enriched: 8/21/2025, 12:40:12 AM
Last updated: 8/22/2025, 3:55:44 PM
Related Threats
- CVE-2025-9356: Stack-based Buffer Overflow in Linksys RE6250 (High)
- CVE-2025-9355: Stack-based Buffer Overflow in Linksys RE6250 (High)
- CVE-2025-43761: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal (Medium)
- CVE-2025-24902: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA (Critical)
- CVE-2025-52451: CWE-20 Improper Input Validation in Salesforce Tableau Server (High)