CVE-2025-52955 is a medium-severity vulnerability affecting Juniper Networks Junos OS and Junos OS Evolved, specifically in the routing protocol daemon (rpd). The root cause is an incorrect calculation of buffer size (CWE-131) when processing updates triggered by continuous flapping of logical interfaces associated with routing instances. This flaw leads to memory corruption within the jflow/sflow modules, causing the rpd process to crash and subsequently restart. If an adjacent attacker repeatedly triggers these conditions by causing interface flaps, they can induce a sustained Denial of Service (DoS) condition by continuously crashing the routing daemon. The vulnerability affects a broad range of Junos OS versions, including all versions before 21.2R3-S9, all versions of 21.4 and 22.2, and multiple incremental releases up to versions before 24.2R2, as well as corresponding versions of Junos OS Evolved. Exploitation requires adjacency to the target device (local network access), high attack complexity, and high privileges, with no user interaction needed. The CVSS v3.1 base score is 4.1, reflecting a medium severity primarily due to the impact on availability without compromising confidentiality or integrity. No known exploits are currently reported in the wild. This vulnerability can disrupt network routing stability, impacting network availability and potentially causing service interruptions in environments relying on affected Juniper devices for routing and flow monitoring.

For European organizations, the impact of CVE-2025-52955 can be significant, especially for enterprises, service providers, and critical infrastructure operators that depend on Juniper Networks routing equipment for network backbone and edge routing. The vulnerability can cause repeated crashes of the routing daemon, leading to intermittent or sustained network outages. This can degrade network performance, interrupt business-critical communications, and affect services reliant on stable routing and flow monitoring (jflow/sflow). In sectors such as finance, telecommunications, energy, and government, where network availability and reliability are paramount, such disruptions could lead to operational downtime, financial losses, and reputational damage. Additionally, the need for high privileges and adjacency limits the attack surface but does not eliminate risk, particularly in environments with complex network topologies or where internal threat actors or compromised devices exist. The vulnerability does not directly expose data confidentiality or integrity but poses a clear threat to network availability and resilience.

1. Immediate patching: Organizations should prioritize upgrading affected Junos OS and Junos OS Evolved devices to the fixed versions as indicated by Juniper Networks, ensuring they are beyond the vulnerable releases (e.g., versions at or above 21.2R3-S9 or corresponding fixed releases for later versions). 2. Network segmentation: Limit adjacency exposure by segmenting management and routing protocol traffic to trusted network segments, reducing the risk of an attacker gaining the required local network access. 3. Interface stability monitoring: Implement monitoring and alerting for frequent logical interface flapping to detect abnormal patterns that could indicate exploitation attempts or network instability. 4. Access control: Restrict administrative and routing protocol access to authorized personnel and devices only, employing strong authentication and network access controls to prevent unauthorized local access. 5. Incident response readiness: Prepare for potential DoS incidents by having failover routing and redundancy mechanisms in place to maintain network availability during rpd crashes. 6. Vendor advisories: Continuously monitor Juniper Networks security advisories for updates, patches, and mitigation guidance related to this vulnerability.