CVE-2025-52980: CWE-198 Use of Incorrect Byte Ordering in Juniper Networks Junos OS
A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6.
This issue affects Junos OS:
* 22.1 versions from 22.1R1 before 22.2R3-S4,
* 22.3 versions before 22.3R3-S3,
* 22.4 versions before 22.4R3-S2,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R2.
AI Analysis
Technical Summary
CVE-2025-52980 is a high-severity vulnerability affecting the Routing Protocol Daemon (rpd) component of Juniper Networks Junos OS, specifically on SRX300 Series devices. The vulnerability arises from the use of incorrect byte ordering (CWE-198) when processing BGP updates containing a specific, valid, optional, transitive path attribute. When such a crafted BGP update is received over an established BGP session—applicable to both eBGP and iBGP over IPv4 and IPv6—the rpd process crashes and subsequently restarts, causing a Denial-of-Service (DoS) condition. This vulnerability does not require authentication, user interaction, or elevated privileges, and can be exploited remotely over the network by an unauthenticated attacker. Affected Junos OS versions include 22.1 (from 22.1R1 up to but not including 22.2R3-S4), 22.3 (before 22.3R3-S3), 22.4 (before 22.4R3-S2), 23.2 (before 23.2R2), and 23.4 (before 23.4R2). The vulnerability impacts the availability of routing services by causing rpd crashes, which can disrupt network traffic and routing stability. No known exploits are currently reported in the wild, and no patches are linked in the provided information, though Juniper Networks is expected to release updates addressing this issue. The vulnerability’s CVSS v3.1 score is 7.5 (high), reflecting its network attack vector, low complexity, no privileges or user interaction required, and impact limited to availability without affecting confidentiality or integrity.
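The bug class named above (CWE-198), shown on a BGP path attribute as an added example that is not Juniper's code. The advisory does not say which field rpd misreads; the two-octet extended length from RFC 4271 is used here only as an illustration, and the type code 0xFF and the sample bytes are constructed.

```python
# RFC 4271 path-attribute flag bits (first octet of every attribute).
OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10


def read_attr(buf, byteorder="big"):
    """Parse one BGP path attribute and return (flags, type_code, value).

    "big" is network byte order, which RFC 4271 requires. "little" reproduces
    the CWE-198 mistake of decoding a wire field in the wrong order.
    """
    if len(buf) < 3:
        raise ValueError("truncated attribute header")
    flags, type_code = buf[0], buf[1]
    if flags & EXT_LEN:                      # two-octet length field
        if len(buf) < 4:
            raise ValueError("truncated extended length")
        length, start = int.from_bytes(buf[2:4], byteorder), 4
    else:                                    # one-octet length, no ordering issue
        length, start = buf[2], 3
    available = len(buf) - start
    if length > available:                   # keeps a bad decode from over-reading
        raise ValueError(
            f"declared length {length} exceeds {available} bytes available")
    return flags, type_code, buf[start:start + length]


def sample_attr():
    """Constructed, well-formed optional transitive attribute, 12-byte value."""
    value = bytes(range(12))
    header = bytes([OPTIONAL | TRANSITIVE | EXT_LEN, 0xFF])  # arbitrary type code
    return header + len(value).to_bytes(2, "big") + value


if __name__ == "__main__":
    attr = sample_attr()
    print(read_attr(attr))                   # correct, network-order decode
    try:
        read_attr(attr, byteorder="little")  # same valid bytes, wrong order
    except ValueError as exc:
        print("wrong byte order:", exc)
```

The same valid attribute decodes cleanly in network order and declares an impossible length when the field is read in the wrong order; a parser without the bounds check would act on that length.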
Potential Impact
For European organizations, this vulnerability poses a significant risk to network infrastructure stability, particularly for enterprises, service providers, and critical infrastructure operators relying on Juniper SRX300 Series devices for routing and firewall functions. Successful exploitation can cause repeated crashes of the routing daemon, leading to intermittent or prolonged network outages, degraded performance, and potential loss of connectivity between sites or to the internet. This could disrupt business operations, impact service level agreements, and affect critical communications. In sectors such as finance, healthcare, telecommunications, and government, where network availability is paramount, such disruptions could have cascading effects on operational continuity and regulatory compliance. Additionally, the vulnerability affects both IPv4 and IPv6 BGP sessions, broadening the scope of potential impact in modern dual-stack networks. Although no data confidentiality or integrity compromise is indicated, the availability impact alone can be severe, especially in environments with limited redundancy or where rapid failover is not configured.
Mitigation Recommendations
European organizations should prioritize the following mitigation steps:
1) Inventory and identify all Juniper SRX300 Series devices running affected Junos OS versions.
2) Apply vendor-provided patches or software updates as soon as they become available to remediate the vulnerability.
3) In the interim, implement network-level controls such as BGP session filtering and validation to restrict BGP updates to trusted peers only, minimizing exposure to malicious or malformed BGP path attributes.
4) Employ BGP session protection mechanisms like TTL security checks and prefix filtering to reduce the risk of unauthorized BGP updates.
5) Monitor rpd process stability and BGP session health closely using network management and logging tools to detect anomalous crashes or restarts promptly.
6) Consider deploying redundant routing paths and failover configurations to maintain network availability in case of rpd crashes.
7) Engage with Juniper Networks support for guidance and to obtain any available interim workarounds.
8) Review and update incident response plans to include scenarios involving routing daemon failures and network outages caused by this vulnerability.
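One way to carry out the inventory step, as an added example that is not vendor tooling: it compares Junos release strings against the version bounds quoted in the description. The hostnames and inventory are constructed, and the inventory is assumed to be already limited to SRX300 Series devices.

```python
import re

# Junos release strings look like 22.4R3-S1.5: train 22.4, release R3,
# optional service release -S1, optional build suffix (ignored here).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

# (lowest affected, first fixed) bounds copied from the advisory text.
# A lower bound of R0 stands for "every release of that train".
AFFECTED = [
    ((22, 1, 1, 0), (22, 2, 3, 4)),  # from 22.1R1 before 22.2R3-S4
    ((22, 3, 0, 0), (22, 3, 3, 3)),  # 22.3 before 22.3R3-S3
    ((22, 4, 0, 0), (22, 4, 3, 2)),  # 22.4 before 22.4R3-S2
    ((23, 2, 0, 0), (23, 2, 2, 0)),  # 23.2 before 23.2R2
    ((23, 4, 0, 0), (23, 4, 2, 0)),  # 23.4 before 23.4R2
]


def parse_junos(version):
    """Return (major, minor, release, service) or None if not an R release."""
    match = _VERSION.match(version.strip())
    if not match:
        return None
    major, minor, release, service = match.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def is_affected(version):
    """True or False for a parsed release, None when it needs manual review."""
    key = parse_junos(version)
    if key is None:
        return None
    return any(low <= key < fixed for low, fixed in AFFECTED)


def triage(inventory):
    """Map each hostname to 'affected', 'not affected' or 'review'."""
    labels = {True: "affected", False: "not affected", None: "review"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory of SRX300 Series devices (hostnames are made up).
    sample = {"srx320-branch": "22.4R3-S1.5", "srx345-hq": "23.4R2",
              "srx340-dc": "22.2R3-S3", "srx300-lab": "22.3X1"}
    for host, status in triage(sample).items():
        print(f"{host:15} {sample[host]:12} {status}")
```

Release strings the pattern does not recognise are returned as `review` rather than guessed at, so special or non-standard builds get checked by hand.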
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: juniper
- Date Reserved: 2025-06-23T18:23:44.545Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68712e3ba83201eaacaf5d0b
Added to database: 7/11/2025, 3:31:07 PM
Last enriched: 7/18/2025, 8:50:16 PM
Last updated: 8/16/2025, 8:37:17 AM