CVE-2025-60007 is a NULL Pointer Dereference vulnerability classified under CWE-476 found in the chassis daemon (chassisd) component of Juniper Networks Junos OS running on MX, SRX, and EX Series devices, excluding MX10000 and MX304 models. The flaw is triggered when a local user with low privileges executes the 'show chassis' command with specially crafted options, causing the chassisd process to dereference a NULL pointer and crash. This crash forces the daemon to restart, which in turn causes all chassis components except the Routing Engine (RE) to reinitialize. This reinitialization leads to a temporary but complete service outage on the device, affecting network availability. The system recovers automatically after the restart, but the outage duration depends on the device and environment. The vulnerability affects all Junos OS versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S2, and 24.4 versions before 24.4R2. The attack requires local access with low privileges, no user interaction is needed beyond command execution, and the vulnerability does not impact confidentiality or integrity. The CVSS v3.1 base score is 5.5, indicating medium severity with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. No public exploits have been reported to date, but the vulnerability could be leveraged in environments where local access is possible, such as through compromised accounts or insider threats.

The primary impact of CVE-2025-60007 is a Denial-of-Service condition on critical Juniper network devices (MX, SRX, EX Series), which can cause temporary network outages due to chassis component reinitialization. This affects network availability, potentially disrupting enterprise, service provider, and data center operations relying on these devices for routing, firewalling, and switching. Although the Routing Engine remains operational, the loss of other chassis components can degrade or halt network traffic forwarding and processing. Organizations with high availability requirements may experience service degradation or outages, impacting business continuity and customer service. Since the vulnerability requires local access, the risk is higher in environments where multiple users have shell or CLI access to network devices or where attackers can escalate privileges. The lack of confidentiality or integrity impact limits the scope to availability, but availability is critical in network infrastructure. The absence of known exploits reduces immediate risk but patching is essential to prevent potential future exploitation, especially in sensitive or high-value environments.

1. Apply vendor-provided patches and updates to affected Junos OS versions as soon as they become available, specifically upgrading to versions 22.4R3-S8 or later, 23.2R2-S5 or later, 23.4R2-S6 or later, 24.2R2-S2 or later, and 24.4R2 or later. 2. Restrict local access to Junos OS devices by enforcing strict access control policies, limiting CLI and shell access to trusted administrators only. 3. Implement role-based access control (RBAC) to minimize privileges granted to users, ensuring that only necessary personnel have permission to execute commands like 'show chassis'. 4. Monitor device logs and command usage for unusual or unauthorized execution of the 'show chassis' command or other suspicious activities that could indicate exploitation attempts. 5. Employ network segmentation and isolation to reduce the risk of lateral movement to critical network devices. 6. Regularly audit user accounts and access permissions on Juniper devices to detect and remove unnecessary or dormant accounts. 7. Consider deploying intrusion detection or prevention systems capable of detecting anomalous command execution patterns on network devices. 8. Prepare incident response plans to quickly recover from potential DoS events caused by this vulnerability, including device reboot procedures and failover configurations.