CVE-2025-52964 is a Reachable Assertion vulnerability (CWE-617) found in the Routing Protocol Daemon (rpd) component of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) condition by sending a specially crafted BGP UPDATE packet. The vulnerability is triggered only when the affected device has BGP multipath configured with the "pause-computation-during-churn" feature enabled. Upon receiving the malicious BGP UPDATE, the rpd process crashes and restarts, disrupting routing functionality. If the attacker continuously sends these crafted packets, the device experiences a sustained DoS, impacting network availability. The vulnerability affects multiple versions of Junos OS and Junos OS Evolved prior to specific patch releases: all versions before 21.4R3-S7, and certain builds in 22.3, 22.4, 23.2, and 23.4 branches before their respective patch releases. Exploitation requires an established BGP peer relationship, meaning the attacker must be able to send BGP UPDATE messages from a peer device. No authentication or user interaction is required beyond this network-level access. The CVSS v3.1 base score is 6.5 (medium severity), reflecting the vulnerability's impact on availability only, with no confidentiality or integrity impact. There are no known exploits in the wild at this time, and no official patches are linked in the provided data, though fixed versions are identified. This vulnerability is significant for network infrastructure relying on Juniper routing devices running affected Junos OS versions with the specific BGP multipath configuration enabled, as it can cause routing outages and network instability.

For European organizations, this vulnerability poses a risk primarily to network infrastructure availability. Juniper Networks devices are widely used in enterprise and service provider networks across Europe, including critical infrastructure, telecommunications, and large enterprises. A successful exploitation could cause routing daemon crashes leading to network outages or degraded performance, impacting business continuity and service delivery. Organizations relying on BGP multipath with "pause-computation-during-churn" enabled are particularly vulnerable. Disruptions in routing can affect interconnectivity between data centers, cloud services, and internet exchanges, which are vital for European digital economy operations. While the vulnerability does not compromise data confidentiality or integrity, the availability impact could be severe in environments where high uptime and stable routing are essential. Additionally, the requirement for an established BGP peer relationship limits the attack surface to trusted or semi-trusted network peers, but insider threats or compromised peers could exploit this. Given the strategic importance of telecommunications and internet infrastructure in Europe, any sustained DoS on routing devices could have cascading effects on multiple sectors.

1. Immediate mitigation involves verifying if Juniper devices in the network run affected Junos OS or Junos OS Evolved versions with BGP multipath and "pause-computation-during-churn" enabled. 2. Disable the "pause-computation-during-churn" feature on BGP multipath configurations if feasible, as this condition is required for exploitation. 3. Restrict BGP peer relationships to trusted and authenticated peers only, and implement strict filtering and validation of BGP UPDATE messages to prevent malicious or malformed packets from untrusted sources. 4. Monitor rpd process stability and BGP session health for signs of crashes or restarts that could indicate exploitation attempts. 5. Apply vendor-released patches or software updates as soon as they become available for the affected Junos OS versions. 6. Employ network segmentation and access controls to limit which devices can establish BGP sessions with critical routers. 7. Use anomaly detection systems to identify unusual BGP UPDATE traffic patterns that could signal an attack. 8. Coordinate with Juniper support and subscribe to security advisories to stay informed about updates and mitigation guidance.