
CVE-2025-52982: CWE-404 Improper Resource Shutdown or Release in Juniper Networks Junos OS

Medium
Vulnerability, CVE-2025-52982, cve, cve-2025-52982, cwe-404
Published: Fri Jul 11 2025 (07/11/2025, 15:08:53 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS

Description

An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC.

This issue affects Junos OS:

* all versions before 21.2R3-S9,
* 21.4 versions from 21.4R1,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6.

As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected. This issue does not affect MX-SPC3 or SRX Series devices.

AI-Powered Analysis

Last updated: 07/18/2025, 20:50:41 UTC

Technical Analysis

CVE-2025-52982 is a medium-severity vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting Juniper Networks Junos OS running on MX Series devices equipped with MS-MPC modules. The vulnerability arises specifically in the SIP Application Layer Gateway (ALG) functionality when the device is configured with two or more service sets processing SIP calls concurrently. An unauthenticated, network-based attacker can trigger a specific sequence of SIP call events that causes the MS-MPC to crash and subsequently restart, resulting in a Denial-of-Service (DoS) condition. This disrupts the normal operation of the affected device, potentially interrupting network traffic and SIP-based communications. The vulnerability affects multiple versions of Junos OS: all versions before 21.2R3-S9, versions 21.4 starting from 21.4R1, versions 22.2 before 22.2R3-S6, and versions 22.4 before 22.4R3-S6. It is important to note that the MS-MPC module reached End-of-Life (EoL) after Junos OS 22.4, and later versions are not impacted. Additionally, MX-SPC3 and SRX Series devices are not affected by this issue. The CVSS v3.1 base score is 5.9, reflecting a medium severity level, with the vector indicating network attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, no impact on confidentiality or integrity, and high impact on availability. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, suggesting that remediation may require upgrading to fixed versions or applying vendor advisories once available.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to network infrastructure relying on Juniper MX Series routers with MS-MPC modules, especially those handling SIP-based VoIP communications. The DoS condition caused by the crash and restart of the MS-MPC can lead to temporary loss of network routing capabilities and disruption of SIP call processing, impacting business communications and potentially critical services. Organizations in sectors such as telecommunications, finance, government, and large enterprises that depend on Juniper MX Series for core routing and SIP traffic management may experience operational outages or degraded service quality. The unauthenticated nature of the attack vector increases the risk, as attackers do not need credentials or user interaction, allowing remote exploitation from the network. Although the attack complexity is high, skilled attackers targeting specific call sequences could exploit this vulnerability to cause repeated disruptions. The lack of impact on confidentiality and integrity limits the threat to availability, but availability is critical for network infrastructure, making this a significant concern. European organizations with regulatory requirements for network uptime and service continuity (e.g., GDPR mandates on availability and resilience) must consider this vulnerability seriously.

Mitigation Recommendations

To mitigate CVE-2025-52982, European organizations should:

1) Identify all Juniper MX Series devices with MS-MPC modules in their network and verify the Junos OS versions in use.
2) Upgrade affected devices to Junos OS versions that include the fix: versions 21.2R3-S9 or later for the 21.2 branch, 21.4 versions after 21.4R1, 22.2 versions from 22.2R3-S6 onwards, and 22.4 versions from 22.4R3-S6 onwards.
3) If immediate upgrade is not feasible, consider disabling SIP ALG functionality or reducing the number of service sets processing SIP calls to one, if operationally acceptable, to avoid triggering the vulnerability.
4) Implement network segmentation and access controls to limit exposure of MX Series devices to untrusted networks, reducing the attack surface.
5) Monitor network traffic for unusual SIP call patterns that could indicate attempts to exploit this vulnerability.
6) Engage with Juniper Networks support for any available patches or workarounds and stay updated on vendor advisories.
7) Conduct regular vulnerability assessments and penetration testing focusing on SIP infrastructure and routing devices to detect potential exploitation attempts.
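For the first two mitigation steps, the following added example (not part of the original page and not Juniper tooling) classifies a Junos OS version string against the affected ranges given in the Description. The inventory records and their field names are constructed; 21.4 is treated as affected throughout because the Description names no fixed 21.4 release, and trains the page does not mention return `review`.

```python
import re

# First fixed release per train, transcribed from the Description above.
# None means the page names no fixed release for that train.
FIRST_FIXED = {(21, 2): (3, 9), (21, 4): None, (22, 2): (3, 6), (22, 4): (3, 6)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse_junos(version):
    """Split '22.4R3-S6.5' into train (22, 4) and release (3, 6); build suffix ignored."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS version: {version!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0))

def version_status(version):
    """Classify a version string as 'affected', 'not affected' or 'review'."""
    train, release = parse_junos(version)
    if train > (22, 4):
        return "not affected"   # MS-MPC is EoL after 22.4
    if train < (21, 2):
        return "affected"       # "all versions before 21.2R3-S9"
    if train not in FIRST_FIXED:
        return "review"         # e.g. 21.3, 22.1, 22.3: not named on the page
    fixed = FIRST_FIXED[train]
    if fixed is None or release < fixed:
        return "affected"
    return "not affected"

def triage(device):
    """Apply the Description's preconditions before reporting the version status."""
    if not device["ms_mpc"]:
        return "not applicable"  # only MX Series with MS-MPC is in scope
    status = version_status(device["version"])
    if status == "affected" and device["sip_service_sets"] < 2:
        return "affected version, trigger condition not configured"
    return status

# Constructed inventory for illustration; hosts and values are made up.
INVENTORY = [
    {"host": "mx-a", "version": "21.2R3-S8.4", "ms_mpc": True, "sip_service_sets": 2},
    {"host": "mx-b", "version": "21.4R3-S10", "ms_mpc": True, "sip_service_sets": 1},
    {"host": "mx-c", "version": "22.4R3-S6.5", "ms_mpc": True, "sip_service_sets": 3},
    {"host": "mx-d", "version": "22.3R3", "ms_mpc": False, "sip_service_sets": 0},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d["host"], d["version"], triage(d))
```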


Technical Details

Data Version: 5.1
Assigner Short Name: juniper
Date Reserved: 2025-06-23T18:23:44.546Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68712e3ba83201eaacaf5d11

Added to database: 7/11/2025, 3:31:07 PM

Last enriched: 7/18/2025, 8:50:41 PM

Last updated: 8/20/2025, 6:43:06 AM
