
CVE-2025-52984: CWE-476 NULL Pointer Dereference in Juniper Networks Junos OS

Medium
Published: Fri Jul 11 2025 (07/11/2025, 15:09:37 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS

Description

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When a static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts.

This issue affects:

Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3-S6,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2;

Junos OS Evolved:
* all versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S3-EVO,
* 23.4-EVO versions before 23.4R2-S4-EVO,
* 24.2-EVO versions before 24.2R2-EVO.

AI-Powered Analysis

Last updated: 07/11/2025, 15:48:15 UTC

Technical Analysis

CVE-2025-52984 is a medium-severity vulnerability identified in Juniper Networks Junos OS and Junos OS Evolved, specifically within the routing protocol daemon (rpd). The vulnerability is a NULL Pointer Dereference (CWE-476) that occurs when a static route configured with a reject next hop is queried via gNMI (gRPC Network Management Interface). This causes the rpd process to crash and subsequently restart, leading to a temporary denial of service (DoS) condition affecting the availability of the network device. The vulnerability can be triggered by an unauthenticated attacker remotely over the network, without requiring any user interaction or prior authentication.

The affected versions span multiple releases of Junos OS and Junos OS Evolved, including all versions before 21.2R3-S9, 21.4 versions before 21.4R3-S10, 22.2 versions before 22.2R3-S6, 22.4 versions before 22.4R3-S6, 23.2 versions before 23.2R2-S3, 23.4 versions before 23.4R2-S4, and 24.2 versions before 24.2R1-S2 and 24.2R2. For Junos OS Evolved, all versions before 22.4R3-S7-EVO, 23.2-EVO versions before 23.2R2-S3-EVO, 23.4-EVO versions before 23.4R2-S4-EVO, and 24.2-EVO versions before 24.2R2-EVO are affected.

The vulnerability’s CVSS v3.1 score is 5.9, reflecting a medium severity level, with an attack vector of network (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and impact limited to availability (A:H) without affecting confidentiality or integrity. No known exploits are currently reported in the wild.

The root cause is the improper handling of a NULL pointer when processing gNMI queries for static routes with reject next hops, resulting in a crash of the rpd process. This vulnerability primarily impacts network availability, potentially causing temporary routing disruptions or device instability in affected Juniper devices.

Potential Impact

For European organizations, this vulnerability poses a risk to the availability of critical network infrastructure that relies on Juniper Networks Junos OS devices. Juniper routers and switches are widely deployed in enterprise, telecommunications, and service provider networks across Europe. An attacker exploiting this vulnerability could remotely cause the routing daemon to crash repeatedly, leading to intermittent or sustained network outages. This could disrupt business operations, degrade service quality, and impact connectivity for end users and customers. In sectors such as finance, healthcare, government, and critical infrastructure, where network uptime is essential, such disruptions could have significant operational and reputational consequences. Additionally, the unauthenticated nature of the attack vector increases the risk, as attackers do not need credentials or insider access to trigger the vulnerability. Although the impact is limited to availability and does not compromise confidentiality or integrity, the potential for denial of service on core routing devices makes this a concern for network resilience and continuity in European organizations.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize the following actions:

1) Immediate patching: Apply the latest Junos OS and Junos OS Evolved updates that address this vulnerability, specifically versions 21.2R3-S9 or later, 21.4R3-S10 or later, 22.2R3-S6 or later, 22.4R3-S6 or later, 23.2R2-S3 or later, 23.4R2-S4 or later, and 24.2R1-S2 or later, as applicable.
2) Configuration review: Audit static route configurations to identify any routes with reject next hops that could be targeted. Where possible, avoid or limit the use of reject next hops in static routes, or implement alternative routing policies that do not trigger the vulnerability.
3) Network segmentation and filtering: Restrict access to the gNMI interface and routing protocol daemon ports from untrusted networks. Implement firewall rules and access control lists (ACLs) to limit exposure of management interfaces to authorized personnel and systems only.
4) Monitoring and alerting: Deploy network monitoring tools to detect abnormal rpd process crashes or restarts and unusual gNMI query activity. Establish alerts for repeated daemon failures that may indicate exploitation attempts.
5) Incident response preparedness: Develop and test incident response plans to quickly isolate affected devices and restore network stability in case of exploitation.
6) Vendor communication: Stay informed of Juniper’s security advisories and updates related to this vulnerability and other emerging threats.
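To support the patching step, the following Python is an added example (not part of the original entry or of any Juniper tooling) that classifies device version strings against the fixed releases listed in the Description. The optional trailing build number (such as `.11`), the sample inventory, and the `not-listed` and `manual-review` verdicts are assumptions made for this example.

```python
import re

# First fixed release per train, copied from the advisory: (major, minor) -> (R, S).
FIXED = {
    "junos": {(21, 2): (3, 9), (21, 4): (3, 10), (22, 2): (3, 6), (22, 4): (3, 6),
              (23, 2): (2, 3), (23, 4): (2, 4), (24, 2): (1, 2)},
    "evo": {(22, 4): (3, 7), (23, 2): (2, 3), (23, 4): (2, 4), (24, 2): (2, 0)},
}

# Matches e.g. 22.4R3-S5, 24.2R2, 22.4R3-S5.11, 23.2R2-S3-EVO.
# The optional ".<build>" suffix is an assumption about how devices report versions.
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")

def parse(version):
    """Return (family, train, release) or raise ValueError for other formats."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, r, s, evo = m.groups()
    return ("evo" if evo else "junos", (int(major), int(minor)), (int(r), int(s or 0)))

def status(version):
    family, train, release = parse(version)
    table = FIXED[family]
    if train < min(table):
        return "affected"      # "all versions before" the oldest listed fix
    if train not in table:
        return "not-listed"    # train not named in the advisory: check with the vendor
    return "affected" if release < table[train] else "fixed"

def triage(inventory):
    """Map hostname -> status; unparseable versions are flagged for manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = status(version)
        except ValueError:
            result[host] = "manual-review"
    return result

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = {"edge-1": "22.4R3-S5.11", "edge-2": "24.2R2", "core-1": "24.2R1-S2-EVO",
          "core-2": "20.4R3-S10", "lab-1": "22.3R3", "lab-2": "23.2X1-D10"}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Note that `24.2R1-S2-EVO` is reported as affected: the Description lists 24.2R1-S2 as a fix only for Junos OS, while the Junos OS Evolved fix for that train is 24.2R2-EVO.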


Technical Details

Data Version: 5.1
Assigner Short Name: juniper
Date Reserved: 2025-06-23T18:23:44.546Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68712e3ba83201eaacaf5d18

Added to database: 7/11/2025, 3:31:07 PM

Last enriched: 7/11/2025, 3:48:15 PM

Last updated: 7/11/2025, 3:48:15 PM
