
CVE-2025-52961: CWE-400 Uncontrolled Resource Consumption in Juniper Networks Junos OS Evolved

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-52961, cwe-400
Published: Thu Oct 09 2025 (10/09/2025, 15:40:52 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS Evolved

Description

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually causing the FPC to crash and restart. Continued receipt and processing of these specific valid packets will sustain the Denial of Service (DoS) condition.

An indicator of compromise is cfmman memory rising over time. Watch for it by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.

    user@device> show system processes node fpc<num> detail | match cfmman

Example:

    show system processes node fpc0 detail | match cfmman
    F S UID       PID       PPID PGID   SID   C PRI NI  ADDR SZ    WCHAN   RSS     PSR STIME TTY         TIME     CMD
    4 S root      15204     1    15204  15204 0 80  0   - 90802     -      113652   4  Sep25 ?           00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml

This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:

* from 23.2R1-EVO before 23.2R2-S4-EVO,
* from 23.4 before 23.4R2-S4-EVO,
* from 24.2 before 24.2R2-EVO,
* from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.

This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.

AI-Powered Analysis

Last updated: 10/09/2025, 16:10:22 UTC

Technical Analysis

CVE-2025-52961 is a resource exhaustion vulnerability classified under CWE-400 affecting Juniper Networks Junos OS Evolved on specific PTX series routers. The flaw resides in the Connectivity Fault Management (CFM) daemon (cfmd) and the Connectivity Fault Management Manager (cfmman). An attacker located on an adjacent network segment can exploit this by sending specially crafted but valid CFM packets that cause the cfmd process to spike CPU usage to 100% and cause cfmman to leak memory continuously. Over time, this resource exhaustion leads to the failure and restart of the Flexible PIC Concentrator (FPC), effectively causing a Denial-of-Service (DoS) condition. The attack requires no authentication or user interaction, making it easier to exploit in environments where adjacent network access is possible. The vulnerability affects Junos OS Evolved versions starting from 23.2R1-EVO up to 24.4R2-EVO on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, and PTX10016 hardware platforms. Operators can monitor the memory usage of cfmman using system commands to detect abnormal growth in resident set size (RSS), which can reach gigabytes before a crash occurs. No patches or exploit code are currently publicly available, but the vulnerability is officially published and tracked with a CVSS v3.1 score of 6.5, indicating a medium severity level primarily due to the impact on availability. The vulnerability does not affect versions prior to 23.2R1-EVO.

Potential Impact

European organizations relying on Juniper PTX series routers running affected Junos OS Evolved versions face potential network disruptions due to this vulnerability. The Denial-of-Service condition can cause critical network infrastructure components to crash and restart, leading to temporary loss of routing and connectivity services. This can impact ISPs, data centers, large enterprises, and telecom providers that use these routers for backbone or edge routing. The lack of authentication requirement and the ability to exploit from an adjacent network segment increase the risk, especially in environments with less segmented or poorly controlled network access. Sustained DoS attacks could degrade service availability, affecting business continuity and potentially violating regulatory requirements for network uptime and reliability. The vulnerability could also be leveraged as part of a larger attack chain targeting network infrastructure. While no known exploits exist yet, the medium CVSS score and the critical role of affected devices underscore the importance of timely mitigation.

Mitigation Recommendations

1. Upgrade affected Junos OS Evolved versions to fixed releases once available from Juniper Networks, as no patches are currently listed but should be prioritized upon release.
2. Implement strict network segmentation and access controls to limit adjacency and prevent unauthorized devices from sending CFM traffic to critical routers.
3. Monitor cfmman process memory usage regularly using the command 'show system processes node fpc<num> detail | match cfmman' to detect abnormal RSS growth indicative of exploitation attempts.
4. Consider automated alerts for unusual CPU spikes on cfmd and memory leaks on cfmman to enable rapid incident response.
5. Temporarily, restarting the affected device can clear memory leaks but is not a long-term solution.
6. Employ network anomaly detection systems capable of identifying unusual CFM traffic patterns.
7. Coordinate with Juniper support for guidance and early access to patches or workarounds.
8. Review and harden adjacent network segments to reduce exposure to unauthenticated traffic targeting CFM services.
9. Document and test incident response plans specifically for network device DoS scenarios to minimize downtime.
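
The RSS check from the description and from mitigation items 3 and 4, as an added example (not part of the original page and not Juniper tooling): it parses rows in the format of the example output, collected over time by whatever means the operator uses, and flags sustained cfmman growth. The 1 GiB threshold, the KiB unit for RSS (as in Linux ps), the function names and the later sample values are assumptions.

```python
# Field positions in the ps-style row shown in the advisory:
# F S UID PID PPID PGID SID C PRI NI ADDR SZ WCHAN RSS PSR STIME TTY TIME CMD
PID_COL, RSS_COL, CMD_COL = 3, 13, 18


def parse_cfmman(line):
    """Return (pid, rss_kib) for a cfmman row, else None (header, other process)."""
    cols = line.split(None, CMD_COL)
    if len(cols) <= CMD_COL or not cols[CMD_COL].startswith("/usr/bin/cfmman"):
        return None
    try:
        return int(cols[PID_COL]), int(cols[RSS_COL])
    except ValueError:
        return None


def assess(samples, alert_kib=1024 * 1024):
    """samples: [(epoch_seconds, raw_line)], oldest first.

    alert_kib is an assumed threshold (1 GiB, with RSS taken to be in KiB).
    """
    rows = [(ts, *hit) for ts, line in samples if (hit := parse_cfmman(line))]
    if not rows:
        return {"status": "no-data"}
    # Compare only within the current process lifetime: after an FPC or
    # cfmman restart the PID changes and RSS starts again from a low value.
    pid = rows[-1][1]
    run = [(ts, rss) for ts, row_pid, rss in rows if row_pid == pid]
    (t0, r0), (t1, r1) = run[0], run[-1]
    hours = (t1 - t0) / 3600
    rate = (r1 - r0) / hours if hours > 0 else 0.0
    rising = len(run) >= 3 and all(b[1] > a[1] for a, b in zip(run, run[1:]))
    status = "alert" if r1 >= alert_kib else "growing" if rising else "ok"
    return {"status": status, "pid": pid, "rss_kib": r1, "kib_per_hour": rate}


# Constructed samples: the first RSS value is the one in the advisory's example
# row; the later values are invented to model a leak, sampled every 6 hours.
ROW = ("4 S root {pid} 1 {pid} {pid} 0 80 0 - 90802 - {rss} 4 Sep25 ? "
       "00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml")
SAMPLES = [(h * 3600, ROW.format(pid=15204, rss=rss))
           for h, rss in [(0, 113652), (6, 413652), (12, 713652), (18, 1313652)]]

if __name__ == "__main__":
    print(assess(SAMPLES[:3]))   # steady growth, still under the threshold
    print(assess(SAMPLES))       # RSS has crossed the threshold
```

A "growing" result before the threshold is reached is the useful signal here, since it leaves time to schedule the restart the advisory suggests rather than waiting for the FPC to crash.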


Technical Details

Data Version: 5.1
Assigner Short Name: juniper
Date Reserved: 2025-06-23T13:17:37.424Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68e7da5eba0e608b4fa05b8c

Added to database: 10/9/2025, 3:53:02 PM

Last enriched: 10/9/2025, 4:10:22 PM

Last updated: 10/11/2025, 1:22:24 PM
