CVE-2025-52986: CWE-401 Missing Release of Memory after Effective Lifetime in Juniper Networks Junos OS

Severity: Medium
Tags: Vulnerability, CVE-2025-52986, cve, cve-2025-52986, cwe-401
Published: Fri Jul 11 2025 (07/11/2025, 15:10:20 UTC)
Source: CVE Database V5
Vendor/Project: Juniper Networks
Product: Junos OS

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.

When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.

The leak can be monitored with the CLI command:

    show task memory detail | match task_shard_mgmt_cookie

where the allocated memory in bytes can be seen to continuously increase with each exploitation.

This issue affects:

Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S11,
* 22.2 versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2,
* 24.4 versions before 24.4R1-S2, 24.4R2;

Junos OS Evolved:
* all versions before 22.2R3-S7-EVO,
* 22.4-EVO versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S4-EVO,
* 24.2-EVO versions before 24.2R2-EVO,
* 24.4-EVO versions before 24.4R2-EVO.
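To triage an inventory against the release list above, the following added example (not part of the advisory or of any Juniper tooling) classifies release strings. The version-string layout handled by the regex and the `triage` helper are assumptions of this sketch, and "affected" only means the release is in range: exposure also requires RIB sharding to be enabled.

```python
import re

# Fixed releases copied from the advisory text; each train maps to (R, S).
JUNOS = {"floor": (21, 2, 3, 9), "trains": {
    (21, 4): (3, 11), (22, 2): (3, 7), (22, 4): (3, 7), (23, 2): (2, 4),
    (23, 4): (2, 4), (24, 2): (2, 0), (24, 4): (1, 2)}}  # 24.4R2 sorts above 24.4R1-S2
EVO = {"floor": (22, 2, 3, 7), "trains": {
    (22, 4): (3, 7), (23, 2): (2, 4), (23, 4): (2, 4),
    (24, 2): (2, 0), (24, 4): (2, 0)}}

# Assumed layout: YY.N R<n> [-S<n>] [.<build>] [-EVO], e.g. 21.4R3-S11.3
VERSION_RE = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?")


def triage(version: str) -> str:
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed' for one release."""
    m = VERSION_RE.fullmatch(version.strip())
    if m is None:
        return "unparsed"        # e.g. legacy X-train names: review by hand
    major, minor, rel = int(m[1]), int(m[2]), int(m[3])
    svc = int(m[4] or 0)         # no -S suffix means service release 0
    table = EVO if m[5] else JUNOS
    if (major, minor, rel, svc) < table["floor"]:
        return "affected"        # "all versions before" the floor release
    if (major, minor) == table["floor"][:2]:
        return "fixed"
    fixed = table["trains"].get((major, minor))
    if fixed is None:
        return "unlisted"        # train not named in the advisory
    return "affected" if (rel, svc) < fixed else "fixed"


# Constructed inventory, not taken from real devices.
INVENTORY = ["20.4R3-S10", "21.2R3-S9", "21.3R3", "22.4R3-S6.2", "24.4R1-S1",
             "24.4R2", "23.4R2-S3-EVO", "24.4R2-EVO", "15.1X49-D100"]

if __name__ == "__main__":
    for v in INVENTORY:
        print(f"{v:16} {triage(v)}")
```

Releases reported as "unlisted" or "unparsed" belong to trains the advisory does not name and need a manual check against vendor guidance.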

AI-Powered Analysis

Last updated: 07/11/2025, 15:47:37 UTC

Technical Analysis

CVE-2025-52986 is a medium-severity vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It is classified as CWE-401, Missing Release of Memory after Effective Lifetime, commonly known as a memory leak. The flaw occurs when RIB (Routing Information Base) sharding is enabled and a local, low-privileged user executes certain routing-related 'show' commands. These commands cause the rpd process to leak memory continuously, visible as increasing allocations in the output of the CLI command 'show task memory detail | match task_shard_mgmt_cookie'. Over time, the leak can consume all available memory, leading to a crash and automatic restart of the rpd process.

Exploitation requires local access and low privileges, and no user interaction beyond executing the commands. The impact is limited to availability, with no direct confidentiality or integrity compromise. The CVSS v3.1 base score is 5.5 (medium), reflecting the local attack vector, low complexity, low privileges required, no user interaction, and impact limited to availability. No known exploits are currently reported in the wild.

Affected Junos OS releases are those before 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, and 24.4R1-S2/24.4R2. Junos OS Evolved is affected in all versions before 22.2R3-S7-EVO and in the later -EVO release trains before the patch releases listed in the description.

The vulnerability is significant for network infrastructure stability, as rpd is critical for routing operations in Juniper devices. Persistent crashes and restarts could disrupt network routing, causing outages or degraded performance.

Potential Impact

For European organizations, especially those relying on Juniper Networks infrastructure for critical routing and network services, this vulnerability poses a risk to network availability. The rpd process is central to routing protocol operations; its instability can lead to routing disruptions, network outages, or degraded service quality. This is particularly impactful for ISPs, data centers, financial institutions, and large enterprises with complex network topologies. The requirement for local access limits remote exploitation risk, but insider threats or compromised administrative accounts could trigger the memory leak. Additionally, automated scripts or monitoring tools that run routing-related 'show' commands could inadvertently exacerbate the issue if RIB sharding is enabled. Network downtime or routing instability can have cascading effects on business operations, regulatory compliance (e.g., GDPR mandates on service availability), and customer trust. Given the widespread use of Juniper devices in European telecom and enterprise networks, the vulnerability could affect a broad range of sectors.

Mitigation Recommendations

1. Immediate patching: Apply the latest Junos OS and Junos OS Evolved updates that address this vulnerability as listed in the affected versions. Prioritize devices running vulnerable versions with RIB sharding enabled.
2. Disable RIB sharding if not essential: Temporarily disable RIB sharding to prevent triggering the memory leak until patches are applied.
3. Restrict local access: Limit local user access to trusted administrators only, enforce strict access controls, and monitor for unauthorized local command execution.
4. Monitor memory usage: Regularly use the CLI command 'show task memory detail | match task_shard_mgmt_cookie' to detect abnormal memory growth in rpd. Set alerts for unusual increases.
5. Audit and control command usage: Review and restrict the use of routing-related 'show' commands that can trigger the leak, especially in automated scripts or monitoring tools.
6. Incident response readiness: Prepare to respond to potential rpd crashes by having network redundancy and failover mechanisms in place to minimize service disruption.
7. Vendor coordination: Engage with Juniper support for guidance and to receive timely updates on patches and workarounds.
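For the memory-monitoring step, this added example (not from the advisory or from Juniper) evaluates periodic samples of the task_shard_mgmt_cookie allocated-bytes value. It assumes a collector has already extracted the byte count from the CLI output, whose column layout is not shown on this page; the thresholds and the `analyse` helper are illustrative.

```python
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    kind: str    # "sustained-growth" or "drop-after-growth"
    index: int   # index of the sample that triggered the finding
    delta: int   # bytes gained over the run, or bytes lost at the drop


def analyse(samples: List[Tuple[int, int]], min_samples: int = 4,
            min_growth: int = 4096) -> List[Finding]:
    """samples: (epoch_seconds, allocated_bytes) pairs in time order."""
    findings: List[Finding] = []
    start = 0          # first sample of the current non-decreasing run
    flagged = False    # whether this run already raised sustained-growth
    for i in range(1, len(samples)):
        prev, cur = samples[i - 1][1], samples[i][1]
        if cur < prev:
            # Leaked memory is not returned while rpd keeps running, so a
            # drop right after a flagged run is consistent with the rpd
            # crash and restart the advisory describes.
            if flagged:
                findings.append(Finding("drop-after-growth", i, prev - cur))
            start, flagged = i, False
            continue
        growth = cur - samples[start][1]
        # Plateaus are tolerated: the leak only grows when a 'show'
        # command is actually executed.
        if not flagged and i - start + 1 >= min_samples and growth >= min_growth:
            findings.append(Finding("sustained-growth", i, growth))
            flagged = True
    return findings


# Constructed samples (5-minute interval), not captured from a device.
SAMPLES = [(0, 10_000), (300, 10_000), (600, 12_400), (900, 14_800),
           (1200, 17_200), (1500, 19_600), (1800, 1_200), (2100, 1_200)]

if __name__ == "__main__":
    for f in analyse(SAMPLES):
        print(f)
```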


Technical Details

Data Version: 5.1
Assigner Short Name: juniper
Date Reserved: 2025-06-23T18:23:44.546Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68712e3ba83201eaacaf5d1e

Added to database: 7/11/2025, 3:31:07 PM

Last enriched: 7/11/2025, 3:47:37 PM

Last updated: 7/11/2025, 7:35:58 PM
