CVE-2025-52984: CWE-476 NULL Pointer Dereference in Juniper Networks Junos OS
A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When a static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts.
This issue affects:
Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2;
Junos OS Evolved:
* all versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S3-EVO,
* 23.4-EVO versions before 23.4R2-S4-EVO,
* 24.2-EVO versions before 24.2R2-EVO.
AI Analysis
Technical Summary
CVE-2025-52984 is a medium-severity vulnerability classified as CWE-476 (NULL Pointer Dereference) affecting Juniper Networks Junos OS and Junos OS Evolved. The flaw resides in the routing protocol daemon (rpd), a critical component responsible for routing decisions and protocol management. Specifically, when a static route is configured with a reject next hop and a gNMI (gRPC Network Management Interface) query is processed for that static route, the rpd process dereferences a NULL pointer, causing it to crash and subsequently restart. This results in a temporary denial of service affecting the availability of the network device.
The vulnerability can be triggered remotely by an unauthenticated attacker over the network, requiring no user interaction, but exploitation complexity is rated high due to the specific conditions needed (static route with reject next hop and gNMI query).
The affected Junos OS versions include all releases prior to 21.2R3-S9, 21.4 versions before 21.4R3-S10, 22.2 versions before 22.2R3-S6, 22.4 versions before 22.4R3-S6, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S4, and 24.2 versions before 24.2R1-S2 and 24.2R2. Similarly, Junos OS Evolved versions prior to 22.4R3-S7-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, and 24.2R2-EVO are affected.
No known exploits are currently in the wild, but the vulnerability poses a risk to network availability due to the potential for repeated rpd crashes and restarts, which can disrupt routing and network stability. The CVSS v3.1 base score is 5.9, reflecting a medium severity with network attack vector, no privileges required, no user interaction, and impact limited to availability only.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network infrastructure stability, particularly for enterprises, service providers, and critical infrastructure operators relying on Juniper Networks devices running Junos OS or Junos OS Evolved. The rpd daemon is central to routing operations; its crash and restart can cause transient routing outages, packet loss, and network instability. This can impact business continuity, especially for organizations with high availability requirements such as financial institutions, telecommunications providers, and government agencies. The unauthenticated, remote nature of the attack vector increases the threat surface, as attackers do not need credentials or user interaction to trigger the issue. While the vulnerability does not allow data compromise or integrity manipulation, the availability impact can disrupt services and potentially cascade into broader operational issues. Given the widespread use of Juniper devices in European network backbones and enterprise environments, the vulnerability could be leveraged in targeted denial-of-service campaigns or as part of multi-stage attacks aiming to degrade network defenses.
Mitigation Recommendations
Organizations should prioritize upgrading affected Junos OS and Junos OS Evolved devices to the fixed versions listed by Juniper Networks as soon as possible. In the interim, network administrators should audit routing configurations to identify static routes with reject next hops and consider temporarily removing or modifying these routes to avoid triggering the vulnerability. Limiting or restricting gNMI access to trusted management networks and enforcing strict access controls can reduce exposure. Deploying network segmentation to isolate management interfaces and monitoring for unusual gNMI queries or rpd process restarts can help detect exploitation attempts. Additionally, implementing redundancy and failover mechanisms for critical routing devices can mitigate the impact of transient outages caused by rpd crashes. Regularly reviewing Juniper security advisories and applying patches promptly is essential to maintain network resilience.
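The audit described above can be scripted. The following is an added example, not code from Juniper or from this page's author: it classifies a release string against the fixed versions listed above and finds static routes with a reject next hop in a configuration exported in "display set" form. The function names, the assumed release-string shape and the sample configuration are constructed for illustration; release trains the page does not list are reported as not-listed rather than guessed.

```python
import re

# Thresholds copied from the advisory text above, keyed by (is_evolved, train).
# The None train holds the "all versions before" floor for that OS family.
FIXED = {
    (False, None): "21.2R3-S9", (False, "21.4"): "21.4R3-S10",
    (False, "22.2"): "22.2R3-S6", (False, "22.4"): "22.4R3-S6",
    (False, "23.2"): "23.2R2-S3", (False, "23.4"): "23.4R2-S4",
    (False, "24.2"): "24.2R1-S2", (True, None): "22.4R3-S7-EVO",
    (True, "23.2"): "23.2R2-S3-EVO", (True, "23.4"): "23.4R2-S4-EVO",
    (True, "24.2"): "24.2R2-EVO",
}
# Assumed release-string shape: YY.NRn[-Sn][.build][-EVO]
VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")
# Junos "display set" form of a static route whose next hop is reject.
REJECT = re.compile(r"^set (?:routing-instances (\S+) )?routing-options "
                    r"(?:rib \S+ )?static route (\S+) reject\b")

def parse(version):
    m = VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0)), bool(evo)

def release_status(version):
    """Return 'affected', 'fixed', or 'not-listed' (train absent from the page)."""
    key, evo = parse(version)
    floor = parse(FIXED[(evo, None)])[0]
    if key < floor:
        return "affected"
    if key[:2] == floor[:2]:
        return "fixed"
    fixed = FIXED.get((evo, f"{key[0]}.{key[1]}"))
    if fixed is None:
        return "not-listed"
    return "affected" if key < parse(fixed)[0] else "fixed"

def reject_routes(set_config):
    """Return (routing instance, prefix) for every static reject route."""
    found = (REJECT.match(ln.strip()) for ln in set_config.splitlines())
    return [(m.group(1) or "master", m.group(2)) for m in found if m]

# Constructed sample configuration (documentation prefixes, made-up names).
SAMPLE = """\
set routing-options static route 192.0.2.0/24 reject
set routing-options static route 203.0.113.0/24 next-hop 10.0.0.1
set routing-instances CUST-A routing-options static route 198.51.100.0/24 reject
"""
```

A device is a priority for patching or interim route changes when release_status returns "affected", reject_routes returns at least one entry, and gNMI is reachable from outside the trusted management network.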
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: juniper
- Date Reserved: 2025-06-23T18:23:44.546Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68712e3ba83201eaacaf5d18
Added to database: 7/11/2025, 3:31:07 PM
Last enriched: 7/18/2025, 8:51:13 PM
Last updated: 8/18/2025, 7:58:20 PM